CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

18.5.8 LanmanWorkstation

This section contains recommendations related to Lanman Workstation.

This Group Policy section is provided by the Group Policy template LanmanWorkstation.admx/adml that is included with the Microsoft Windows 10 RTM (Release 1507) Administrative Templates (or newer).

18.5.8.1 (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' (Scored)

Profile Applicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.

The recommended state for this setting is: Disabled.

Rationale:

Insecure guest logons are used by file servers to allow unauthenticated access to shared folders.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation:AllowInsecureGuestAuth
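
An added example (not part of the CIS benchmark text): a PowerShell check of the registry location above that distinguishes a missing key, a missing value, a wrong value type and an enabled setting. It assumes the Disabled state is stored as REG_DWORD 0, which this page does not state; the function name Test-InsecureGuestLogonPolicy is hypothetical.

```powershell
# Added example: audits recommendation 18.5.8.1 on the local machine.
# Assumption (not stated on the page): 'Disabled' is stored as REG_DWORD 0, 'Enabled' as 1.
function Test-InsecureGuestLogonPolicy {
    [CmdletBinding()]
    param(
        # Policy key from the Audit section; overridable so the check can be
        # exercised against a scratch key.
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation',
        [string]$ValueName = 'AllowInsecureGuestAuth'
    )

    $result = [ordered]@{
        Control   = '18.5.8.1'
        KeyPath   = $KeyPath
        ValueName = $ValueName
        Found     = $null
        Compliant = $false
        Detail    = ''
    }

    # The recommendation requires the policy to be explicitly Disabled, so an
    # absent key or value (Not Configured) is reported as not compliant.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) {
        $result.Detail = 'Policy key absent: setting is Not Configured.'
    }
    elseif ($key.GetValueNames() -notcontains $ValueName) {
        $result.Detail = 'Value absent: setting is Not Configured.'
    }
    elseif ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Found  = $key.GetValue($ValueName)
        $result.Detail = "Unexpected type $($key.GetValueKind($ValueName)); expected DWord."
    }
    else {
        $result.Found     = [int]$key.GetValue($ValueName)
        $result.Compliant = ($result.Found -eq 0)
        if ($result.Compliant) {
            $result.Detail = 'Disabled, as recommended.'
        } else {
            $result.Detail = 'Insecure guest logons are enabled by policy.'
        }
    }
    [pscustomobject]$result
}

Test-InsecureGuestLogonPolicy | Format-List
```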

Remediation:

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Network\Lanman Workstation\Enable insecure guest logons

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template LanmanWorkstation.admx/adml that is included with the Microsoft Windows 10 Release 1511 Administrative Templates (or newer).
