I am having problems with my network - can’t access shares on computer A from computer B, while the computer A can access computer B. Computer A is running Comodo.
I realized that the registry entry under: HLM>SYSTEM>CurrentControlSet\Control\Lsa: restrictanonymous is always going back to (1) value, while I want it to be (0). I think Comodo puts that there to protect my computer from anonymous logins. I don’t want that.
How can I change it ? What can I do so that Comodo won’t do it after every reboot ? Any ideas ?
A setting of “1” means: “Do not allow enumeration of SAM accounts and names”.
“0” means: “Rely on default permissions”.
“2” means: “No access without explicit anonymous permissions”.
You can also configure it by running secpol.msc and then going to “Security Options”. I’ve noticed though that the Win XP “System Builder” licence has a number of restrictions which can’t be changed. The old OEM licence doesn’t have these restrictions, but Microsoft closed the loophole to prevent the latter version from being sold to end users without being preinstalled on a complete system.
There are several policy settings that exist, by default, that affect anonymous access. These can be found in either ‘Local Policies/User Rights Assignment’ or ‘Local Policies/Security Options’ within secpol.msc.
Of course, if you have a Domain and are using Group Policies, things will be slightly different.
EDIT: forgot to mention that on my own system, the key is set to “0”, so I don’t think it’s the firewall which is forcing the setting back to “1” on your own machine. Did you reboot after making the Registry change? It won’t take effect unless you restart.