ONTAP 9 Manuals ( CA08871-402 )

Configure access restrictions for anonymous users

By default, an anonymous, unauthenticated user (also known as the null user) can access certain information on the network. You can use a SMB server option to configure access restrictions for the anonymous user.

About this task

The -restrict-anonymous SMB server option corresponds to the RestrictAnonymous registry entry in Windows.

Anonymous users can list or enumerate certain types of system information from Windows hosts on the network, including user names and details, account policies, and share names. You can control access for the anonymous user by specifying one of three access restriction settings:

Value Description

no-restriction (default)

Specifies no access restrictions for anonymous users.

no-enumeration

Specifies that only enumeration is restricted for anonymous users.

no-access

Specifies that access is restricted for anonymous users.

Steps
  1. Set the privilege level to advanced: set -privilege advanced

  2. Configure the restrict anonymous setting: vserver cifs options modify -vserver vserver_name -restrict-anonymous {no-restriction|no-enumeration|no-access}

  3. Verify that the option is set to the desired value: vserver cifs options show -vserver vserver_name

  4. Return to the admin privilege level: set -privilege admin

Related information

Available SMB server options

Top of Page