restrict anonymous

The setting of this parameter determines whether SAMR and LSA DCERPC services can be accessed anonymously. This corresponds to the following Windows Server registry options:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous
The option also affects the browse option which is required by legacy clients which rely on Netbios browsing. While modern Windows version should be fine with restricting the access there could still be applications relying on anonymous access.
Setting 1 will disable anonymous SAMR access.
Setting 2 will, in addition to restricting SAMR access, disallow anonymous connections to the IPC$ share in general. Setting yes on any share will remove the security advantage.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family



Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Samba\smb_conf\restrict anonymous
Value Namerestrict anonymous
Value TypeREG_DWORD
Default Value0
Min Value
Max Value

samba.admx

Administrative Templates (Computers)