I have been tasked with finding out what will happen to our domain controllers and the systems that depend on them when we make the change to disable null sessions on our domain controllers. We are disabling them to resolve a security hole discovered by an audit.
Normally, I would just change the registry setting and see what breaks, but I don't have that option now. The reason for the caution is that we noticed that member servers were randomly connecting anonymously to the IPC$ share on the DCs. They wouldn't open any files, they would just open a share session, then disconnect a few seconds later.
What I suspect, but cannot prove, is that member servers occasionally do this to check if the domain is "still there" or something to that effect. If that's the case, it seems like disabling null sessions could cause some problems. If anyone could offer some insight, I would appreciate it.
Thanks.
SK