The setting of this parameter determines whether SAMR and LSA DCERPC services can be accessed anonymously. This corresponds to the following Windows Server registry options:
The option also affects the browse option which is required by legacy clients which rely on Netbios browsing. While modern Windows version should be fine with restricting the access there could still be applications relying on anonymous access.
Setting 1 will disable anonymous SAMR access.
Setting 2 will, in addition to restricting SAMR access, disallow anonymous connections to the IPC$ share in general. Setting yes on any share will remove the security advantage.
|Registry Path||Software\Policies\Samba\smb_conf\restrict anonymous|
|Value Name||restrict anonymous|