Restrictanonymous - registry entry goes back to (1)

I am having problems with my network - can’t access shares on computer A from computer B, while the computer A can access computer B. Computer A is running Comodo.

I realized that the registry entry under: HLM>SYSTEM>CurrentControlSet\Control\Lsa: restrictanonymous is always going back to (1) value, while I want it to be (0). I think Comodo puts that there to protect my computer from anonymous logins. I don’t want that.

How can I change it ? What can I do so that Comodo won’t do it after every reboot ? Any ideas ?

hmm… anyone ?

Hi polishruben.

I very much doubt CFP is changing the registry key you mentioned, it’s certainly not something I’ve seen before. More likely it’s a local or group policy setting that’s being applied.

As for the connection issues, when computer B attempts to connect to computer A, do you receive any alerts in the CFP logs, if so what?


Toggie, thank you for replying…
the CFP does not give me any alerts while trying to connect. The only alert that I have is the regular win message that I cannot connect ( lack of privilages etc… )…

hmm… If CFP does not messes with registry, than it must be something else. Shoot.
thanks for pointing me out in the better direction.

No worries :slight_smile: Let us know what you find out or if you need any more help.

A setting of “1” means: “Do not allow enumeration of SAM accounts and names”.
“0” means: “Rely on default permissions”.
“2” means: “No access without explicit anonymous permissions”.

You can also configure it by running secpol.msc and then going to “Security Options”. I’ve noticed though that the Win XP “System Builder” licence has a number of restrictions which can’t be changed. The old OEM licence doesn’t have these restrictions, but Microsoft closed the loophole to prevent the latter version from being sold to end users without being preinstalled on a complete system.

hmm… zito, the entry you are mentioning I think are related to regentry of “restrictanonymoussam” not to the one I mention.

also the entry that I mention, it doesn’t look like it can be changed via group policy. I am trying to read more about it, but it is hard to find anything. ehh… still looking.

I have no clue what have happened. I installed Comodo and after a few days I cannot access shares - thats why I was wondering if CFP messed something up in the registry…

i will keep you updated.


There are several policy settings that exist, by default, that affect anonymous access. These can be found in either ‘Local Policies/User Rights Assignment’ or ‘Local Policies/Security Options’ within secpol.msc.

Of course, if you have a Domain and are using Group Policies, things will be slightly different.

Take a look at this article:


no go. I looked through the article, enabled options, changed what I could, and still - nothing works. But I guess this is not a discussion for this forum…

thanks for help

Not according this article: (Scroll down to “Using the Registry Editor”). There are some more links at the foot of the page which might help too.

EDIT: forgot to mention that on my own system, the key is set to “0”, so I don’t think it’s the firewall which is forcing the setting back to “1” on your own machine. Did you reboot after making the Registry change? It won’t take effect unless you restart.

ok. I got it the problem.

the problem wasn’t with the comodo firewall or anything else. It was a trojan (sic). I know it makes me look like a noob, but I though that nod32 will detect that bug. Obviosly not.

For anyone else out there: there was an entry in the run registry: svdhost.exe. Look for it on google and how to remove it.

I’m glad you found the solution polishruben, A trojan in the works wasn’t an obvious candidate for your problem, but then again, it’s always wise to check these things, these days.