This security setting determines if an anonymous user can request security identifier (SID) attributes for another user.

If this policy is enabled, a user with knowledge of an administrator's SID could contact a computer that has this policy enabled and use the SID to get the administrator's name.

Default:

• Disabled on workstations and member servers.
  
• Enabled on domain controllers.
  

You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

For specific instructions about how to configure security policy settings, see Edit security settings on a Group Policy object.

For more information, see:

• Account and local policies
  
• Security Configuration Manager Tools