{
# 0 allows to retrieve the list of users without being logged on the domain 
# 1 will disable anonymous SAMR access. (including user enumeration)
# 2 will, in addition to restricting SAMR access, disallow anonymous connections to the IPC$ share in general. (preventing login to smb PDC)
# The option also affects the browse option which is required by legacy clients which rely on Netbios browsing. 
# While modern Windows version should be fine with restricting the access there could still be applications relying on anonymous access.
}
restrict anonymous = 1
