Re: Restrict Anonymous

From: Thor (
Date: 09/21/04

  • Next message: Thor: "Re: Hardening Desktop"
    To: "Andrew Clelland" <>, <>
    Date: Tue, 21 Sep 2004 14:21:25 -0700

    This was a known issue as described in Q328817, but the article says it was
    only during the first time an account was accessed. It has supposedly been
    fixed in SP2.

    If you want to keep it at 1, then change the gp policy that is applying it
    to the DC- I'm assuming that is what changes it every evening (though I'm
    curious as to why it is only in the evening as per the default DC GPO
    application every 5 min...)

    But, I have to say, it is nice to see someone actually trying to have RA=2
    set. Most go with RA=1, which on Win2k, does not do too much.


    ----- Original Message -----
    From: "Andrew Clelland" <>
    To: <>
    Sent: Tuesday, September 21, 2004 9:02 AM
    Subject: Restrict Anonymous

    > Good morning, I am curious about the Restrict Anonymous setting in Windows
    > 2000 Server. Our DC is Windows 2000 and we have some servers with 2003 and
    > half of our workstations are Windows XP. Every evening the restrict
    > anonymous key changes to a DWORD value of 2 (allow users with explicit
    > anonymous permission) and denies users on Windows XP the chance to change
    > their expired password. Does anyone know of a way to force this setting to
    > a
    > DWORD value of 1 (restrict anonymous Users) or make Windows XP work with
    > the
    > DWORD value of 2? Thanks in advance for your insight and I look forward to
    > the responses.
    > ~Andy
    > ---------------------------------------------------------------------------
    > ---------------------------------------------------------------------------


  • Next message: Thor: "Re: Hardening Desktop"

    Relevant Pages

    • Re: W2K3 Network with NT box. Logon Script Question
      ... I have a just upgraded to a Windows 2003 newtwork (From Windows ... I have a few remaining windows NT workstations. ... be a new user account and the mapped drive. ... Set up the profile as you like it. ...
    • W3SVC Logs Event ID 100
      ... The server was unable to logon the Windows NT account 'XMAIL\IUSR_XMAIL' due ... The user's password must be changed before logging on ... the first time. ...
    • Re: Logon Password
      ... > the second time since upgrading, ... > first time, thinking that maybe the first password was ... Double click your account name and a window should appear with your account ... Microsoft MVP for Windows / Security ...
    • RE: Setting Account Lockout Policies with a NT PDC
      ... You can rename the local user accounts and/or change the passwords on ... workstations using the "cusrmgr.exe" command from the Windows 2000 Pro - ... Setting Account Lockout Policies with a NT PDC ... PDC is a Windows NT Server ...
    • Remotely changing admin group membership on clients
      ... Admnistrator's group on all the Windows 2000 and Windows XP ... workstations in the domain. ... I do not want to add the account to the Domain Admins group because I ... method to be able to place a domain user account or global group in the ...