CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Impact:

The SMB client will reject insecure guest logons. This was not originally the default behavior in older versions of Windows, but Microsoft changed the default behavior starting withWindows 10 R1709: Guest access in SMB2 disabled by default in Windows 10 and Windows Server 2016

Default Value:

Windows 10 R1703 and older: Enabled. (The SMB client will allow insecure guest logons.)

Windows 10 R1709 and newer: Disabled. (The SMB client will reject insecure guest logons.)

CIS Controls:

Version 6

9.1 Limit Open Ports, Protocols, and Services Ensure that only ports, protocols, and services with validated business needs are running on each system.

Version 7

9.2 Ensure Only Approved Ports, Protocols and Services Are Running Ensure that only network ports, protocols, and services listening on a system with validated business needs, are running on each system.

574 | P a g e