Microsoft Windows Server 2025
Windows Server 2025 must not allow anonymous SID/Name translation
STIG ID:
WN25-SO-000210
|
SRG:
SRG-OS-000480-GPOS-00227
|
Severity:
High
|
CCI:
CCI-000366
|
Vulnerability ID:
V-278215
Description
Allowing anonymous SID/Name translation can provide sensitive information for accessing a system. Only authorized users must be able to perform such translations.
Check
C-82745r1181349_chk
Verify the effective setting in Local Group Policy Editor.
Run gpedit.msc.
Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options.
If the value for "Network access: Allow anonymous SID/Name translation" is not set to "Disabled", this is a finding.
Fix
F-82650r1181350_fix
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Network access: Allow anonymous SID/Name translation to "Disabled".