WinSecWiki > Security Settings > Local Policies > Security Options > Network Access > Allow anonymous SID/Name translation

Network access: Allow anonymous SID/Name translation

This setting is primarily an issue on workstations and member servers where you have renamed the administrator account to help hide it from attack. If enabled, this setting allows a bad guy to anonymously submit the SID of Administrator to this computer and get back the current name of the Administrator account. It’s easy to determine the SID of the built-in Administrator account since it is a “well-known SID” always ends in 500.

Bottom line

Disable this setting on workstations and member servers where you have renamed Administrator. Be careful about enabling this setting on domain controllers since it can prevent computers with one way trusts to this domain from displaying user and group names in access control lists.

Back to top

 

Additional Resources