Hello, What kind of attacks does the following group policy hardening steps thwart in a workgroup environment: - Network Security: LAN Manager authentication level Send NTLMv2 response only. Refuse LM & NTLM - Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers RequireNTLMv2sessionsecurity, Require128-bitencryption, Require message integrity, Require message confidentiality - Network Security: Minimum session security for NTLM SSP based (including secure RPC) clients RequireNTLMv2sessionsecurity, Require128-bitencryption, Require message integrity, Require message confidentiality - Network Security: Do not store LAN Manager hash value on next password change: Enabled - Microsoft network server: Digitally sign communications (always): Enabled - Microsoft network server: Digitally sign communications (if client agrees): Enabled - Microsoft network client: Digitally sign communications (always): Enabled - Network access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled - Administrative Templates>System>Remote Procedure Call>Restrictions for Unauthenticated RPC clients: Enabled (Authenticated) - Network Access: Shares that can be Accessed Anonymously Remove all shares Also are there any other/better hardening group policy settings that you are aware of? Kindly share the same over here. What other network security steps can be taken in a workgroup environment?? Thanks
