Local Security Policy : Windows 7 Ultimate

[HX1]

I finished wrapping up my upgrade today, everything seemed to just fall into place.. :thumbsup: ...

I am in love with Windows 7 Ultimate right now

... :wub:

The next order of business was doing my system analysis, scans, and changes to make sure I have all the features and that all of the features are secured... I scanned my system with

Tenable Nessus 4.2.1

and had found that I needed to make several adjustments from the default configuration to Windows 7 Ultimate. My original scan with 4.2.0 brought to light several issues, some of which I was unaware. There are three levels of Warning types and vulnerabilities that it brings to light. The first concerned a registry entry and is SEVERE... as noted by the program..

Knowledge Base article referenced:

http://support.microsoft.com/kb/q143474/

Alteration:

1. Run Registry Editor (Regedt32.exe).

2. Go to the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA

3. On the Edit menu, click Add Value and use the following entry:

Value Name: RestrictAnonymous

Data Type: REG_DWORD

Value: 1

4. Exit the Registry Editor and restart the computer for the change to take effect.

I made this change, and updated the program ( from 4.2.0. - 4.2.1 ) as it advised me to do so, then I had to wait for 30 minutes or so while the plugins updated/compiled/whatever.. Upon the second scan , I was notified of one more SEVERE, and one MEDIUM...The SEVERE was my fault, I had put my flash drive on the network share without proper privileges and was able to be accessed by Everyone by default.. therefore also accessible to anyone on the Internet according to Nessus.. I took care of that and the second MEDIUM Warning had to do with the Local Security Policy on my machine...

This is the part I am having some trouble with and looking for some resolution to the issue, as I would like to move on to determining the methods of approaching the 50 more or so LOW Warnings which are mostly about informational related items which can be obtained in basic use, including open ports.. Most of these I can skip and have to exist... Then I get to start on my servers.. which would have been scanned had I started them.. IIS 7.5 was in this scan.. and did a good job of passing I might add.. :thumbsup:

I have, in fact gone to the Local Security Policy ( Group Policy ), and checked the entry; however on the forth scan Nessus is still able to access the system with a random SMB Account...

My question here is

IF this is still possible.. should I be looking in another area to secure this problem?

In Windows XP Home Edition - SP3, I had used a small program called SEConfig XP. This program would disable SMB, but this is no longer supported.. not to mention I have a network now ( with Shares ) and a better OS... I am also not sure what that would disable in Windows 7 Ultimate yet...( not really the Home Network kind of guy ) but I would like to secure the system, before I start digging and moving on as I have been using it this way since 02.25.10.. Way too long.. Any suggestions?

[*dcs18]

Solution:

In the group policy change the setting for

'Network access: Sharing and security model for local accounts' from

'Guest only - local users authenticate as Guest' to

'Classic - local users authenthicate as themselves'.

What exactly do you wish? :unsure:

Do you wish to know how to execute the solution quoted above from the solution offered by the 'Tenable Nessus 4.2.1 screenshot?'

[HX1]

No, see I went to where it is in LSP.. and it sat there with the correct selection.. and I even doubled checked and redid it and rebooted..

Problem is that it is still showing up on the Scan Report.. So what I was thinking is that possibly there is another area that needs to be addressed other than the one mentioned by Nessus... ( and I did look through to make sure it wasn't in several places .. LOL )..

[*dcs18]

I get you. ;)