RE: Problem Disabling "Null Session" on W2K3

What are the registry values set at?

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of eneko.astorkiza@xxxxxxxxxxxx
Sent: Tuesday, November 14, 2006 10:18 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Problem Disabling "Null Session" on W2K3

Hi all,

Firstly excuse my english, i'm spanish.

I'm trying to secure some AD servers and i have a problem.

I scan then (w2k3 AD Servers) with Retina and it says that i have "Null
Session" enabled, so it shows all the domain users. (I'm doing with a
machine out of the domain)

The problem is that if i look at the RestrictAnonymous and
RestrictAnonymousSAM registry values, they are ok :-?

Someone knows why i can enumerate the domain users ???

I have also use SuperScan and the same happens.


Un saludo

Eneko

------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
designated Norwich University a center of Academic Excellence in
Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • Re: Problem Disabling "Null Session" on W2K3
    ... I scan then (w2k3 AD Servers) with Retina and it says that i have "Null Session" enabled, so it shows all the domain users. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence in Information Security. ...
    (Security-Basics)
  • Problem Disabling "Null Session" on W2K3
    ... I scan then (w2k3 AD Servers) with Retina and it says that i have "Null Session" enabled, so it shows all the domain users. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ...
    (Security-Basics)
  • Exploits and vulnerabilities integral test.
    ... Hi list, I need your opinion in this area, I'm looking some sort of integral solution as a security scanner for *nix and windows based servers, test exploits, code injection, etc. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence in Information Security. ...
    (Security-Basics)
  • RE: Verifying E-Mail Addresses
    ... correspondence with the sender upon realizing your own ignorance, ... Original> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... Original> The NSA has designated Norwich University a center of Academic ... Original> in Information Security. ...
    (Security-Basics)
  • Re: user default password checking tool
    ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ... The NSA has designated Norwich University a center of Academic Excellence in Information Security. ... Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. ...
    (Security-Basics)