To turn on this feature, run regedit32; then follow the steps below:

1. Locate HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa.

2. On the Edit menu, click Add Value and add the following:

Value Name: RestrictAnonymous

Data Type: REG_DWORD

Value: 1 (1=on, 0=off)

3. Click OK, and then quit the Registry editor.

4. Shut down and restart NT.

When the RestrictAnonymous value is set to 1, tools that attempt to access resources by using the anonymous connections receive an Access Denied response. When the RestrictAnonymous value is set to 0 or the value is not defined, anonymous connections can list account names and enumerate share names. However, even if this feature is turned on (RestrictAnonymous set to 1), some Win32 APIs support individual name lookups and do not restrict anonymous connections. In other words, programmers can go around the setting, so be careful. For more information about this feature, see Microsoft's Knowledge Base article Q143474 on your TechNet CD-ROM, or on the Web, http://www.microsoft.com/kb.