I've seen some other threads on this, but basically I am getting a result back from a Qualys scan that is saying that it can see a remote user list using NetBIOS and also that it has a Null Session NetBIOS Access vulnerability. This is coming back for all my domain controllers, which are also Windows Server 2008s.
Everything I've read talks about making some policy changes regarding SAM accounts and shares, which I've looked at, and also making some Registry changes. I have two issues with this though: one is that the policy change for SAM accounts, "Network Access: Do not allow anonymous enumeration of SAM accounts", states that this policy does not affect domain controllers, but nowhere can I find why it doesn't affect domain controllers, and whether domain controllers are vulnerable to null session remote user list disclosure, so can someone please explain that to me.
Second, all of what I have read has been directed toward changes in Windows 2003 or before, but nowhere does anybody have definite information if Windows Server 2008 is also vulnerable. Does anyone know if Windows 2008 is vulnerable or not to these vulnerabilities, and if not, why not?
I'd really appreciate any guidance on this that anyone can give. Thanks.