Enabling Null/Anonymous Enumeration on Server 2022
I've set up a test domain for a demo that I'm working on, and need to enable enumerating users using netexec/rpcclient, etc. using an anonymous login.
I've created a GPO with these settings, set it to enforced, and linked to the Domain Controllers group:
Network access: Allow anonymous SID/Name translation: Enabled
Network access: Do not allow anonymous enumeration of SAM accounts: Disabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares: Disabled
Network access: Let Everyone permissions apply to anonymous users: Enabled
Network access: Named Pipes that can be accessed anonymously: COMNAP, COMNODE, SQL\QUERY, LLSRPC, BROWSER, netlogon, samr
Network access: Restrict anonymous access to Named Pipes and Shares: Disabled
I've also changed these registry values on the DC:
restrictanonymous in HKLM\System\CurrentControlSet\Control\Lsa
restrictanonymoussam in HKLM\System\CurrentControlSet\Control\Lsa
RestrictNullSessAccess in HKLM\System\CurrentControlSet\Services\RpcSs
However, after running gpupdate /force and rebooting, the null authentication still isn't working. I'm not an AD admin, do you all know what I could be missing? This is Server 2022.