The setting of this parameter determines whether SAMR and LSA DCERPC services can be accessed anonymously. This corresponds to the following Windows Server registry options:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous
The option also affects the browse option which is required by legacy clients which rely on Netbios browsing. While modern Windows version should be fine with restricting the access there could still be applications relying on anonymous access.
Setting 1 will disable anonymous SAMR access.
Setting 2 will, in addition to restricting SAMR access, disallow anonymous connections to the IPC$ share in general. Setting yes on any share will remove the security advantage.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Samba\smb_conf\restrict anonymous |
Value Name | restrict anonymous |
Value Type | REG_DWORD |
Default Value | 0 |
Min Value | |
Max Value |