If the Administrator password is not set during the initial installation, an anonymous ipc$ connection can be made, then an administrator ipc$ connection can be made without a password. Then shares (i.e. C$ and admin$) can be mounted with administrator privileges.

This will work even when the admin later puts a password on the administrator account.

The registry cannot be fixed to limit or prevent null sessions because null sessions are used by domain controllers to sync accounts, allow file-sharing, tape backups, et al. Member servers are also remotely backed up to tape, and disabling null sessions will break the process (unable to access file-shares).

There is a lot of available info on why null sessions are vulnerable, how to attack null sessions and how to disable null sessions, but nobody has published a way to secure null sessions (without disabling them). If Micro$oft tech support even knows, it'll cost $250 to ask them.

Does anyone know if this problem can be corrected without reinstalling the OS (and this time providing an admin password during installation)?