RE: Restrict Anonymous
From: Laura A. Robinson (laurarobinson_at_earthlink.net)
Date: 09/21/04
- Previous message: Cerga, Skerdi (C3): "RE: Application sniffer"
- In reply to: Andrew Clelland: "Restrict Anonymous"
- Next in thread: Thor: "Re: Restrict Anonymous"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Andrew Clelland'" <aclelland@rivermarkcu.org>, <focus-ms@securityfocus.com>
Date: Tue, 21 Sep 2004 17:10:18 -0400

It sounds like this has been set in group policy, most likely on the Domain
Controllers OU. In GP, go to Computer Settings -> Windows Settings ->
Security Settings -> Local Policies -> Security Options -> Additional
restrictions for anonymous connections (I'm working from memory here, so I
might be off a bit) and choose the second option in the list, which should
read something like "Do not allow enumeration of SAM accounts and shares".

The reason that you're having problems with your XP clients only is because
a setting of 2 for RA is no longer supported in XP or Win2k3. Instead, there
are numerous other configuration options that allow you to achieve
essentially the same result, but you need the XP/Win2K3 GP templates.

Laura

> -----Original Message-----
> From: Andrew Clelland [mailto:aclelland@rivermarkcu.org]
> Sent: Tuesday, September 21, 2004 12:03 PM
> To: 'focus-ms@securityfocus.com'
> Subject: Restrict Anonymous
>
> Good morning, I am curious about the Restrict Anonymous
> setting in Windows 2000 Server. Our DC is Windows 2000 and we
> have some servers with 2003 and half of our workstations are
> Windows XP. Every evening the restrict anonymous key changes
> to a DWORD value of 2 (allow users with explicit anonymous
> permission) and denies users on Windows XP the chance to
> change their expired password. Does anyone know of a way to
> force this setting to a DWORD value of 1 (restrict anonymous
> Users) or make Windows XP work with the DWORD value of 2?
> Thanks in advance for your insight and I look forward to the
> responses.
>
>
> ~Andy
>
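
An added example, not part of the original thread and not code from either poster: a PowerShell check that reads the anonymous-access values under the LSA registry key and flags a RestrictAnonymous value of 2, which the reply above says XP and Win2k3 no longer support. The function name `Get-AnonymousRestriction` is hypothetical, and the script assumes the values are stored under `HKLM:\SYSTEM\CurrentControlSet\Control\Lsa`.

```powershell
# Added example (not from the thread). Reports how the anonymous-access
# values under the LSA key are set on the local machine.
function Get-AnonymousRestriction {
    [CmdletBinding()]
    param(
        # Assumption: standard registry location of the LSA settings.
        [string]$LsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    )

    # RestrictAnonymous is the value discussed in the thread; the other two
    # are the separate XP/2003-era values that split up the same controls.
    $names = 'RestrictAnonymous', 'RestrictAnonymousSAM', 'EveryoneIncludesAnonymous'
    $lsa   = Get-ItemProperty -Path $LsaPath -ErrorAction Stop

    foreach ($name in $names) {
        $prop  = $lsa.PSObject.Properties[$name]
        $value = if ($prop) { $prop.Value } else { $null }

        $note = 'ok'
        if ($null -eq $value) {
            # Value absent: nothing is configured explicitly for this setting.
            $note = 'not set, OS default applies'
        }
        elseif ($name -eq 'RestrictAnonymous' -and $value -eq 2) {
            # Windows 2000-only value. If it reappears after being changed,
            # a group policy is most likely rewriting it on refresh.
            $note = 'legacy value 2: not supported on XP/2003, look for the GPO that sets it'
        }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Setting  = $name
            Value    = $value
            Note     = $note
        }
    }
}

Get-AnonymousRestriction | Format-Table -AutoSize
```

Running it before and after the nightly change shows whether the value is being rewritten, which points to policy rather than a local edit.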