Restrict enumeration of account and policy info

From: gmanslater (gmanslater@notsohotmailmaps.com)
Date: 03/03/03


From: "gmanslater" <gmanslater@notsohotmailmaps.com>
Date: Sun, 2 Mar 2003 20:12:14 -0500

Our people running ISS are enumerating account info on Windows 2000 workstations, as we only set the RestrictAnonymous value to 1 and that isn't sufficient on W2K. I was thinking of remotely changing the workstations' SeNetworkLogonRight (the "Access this computer from the network" right) to remove Everyone and Authenticated Users. Do you think this will be enough if scanned from a null user? If scanned with a domain user account? I have set SeNetworkLogonRight to just include Administrators on many without issue, as we have a policy against sharing out local files and printers. I haven't read much about problems after setting SeNetworkLogonRight, so I thought I would ask.

Slater
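
An added example, not part of the original post: a small audit that reads a security template in the layout `secedit /export` writes and reports the two settings the post discusses. The `audit` function, the `BROAD` table and `SAMPLE_INF` are hypothetical names and constructed data; a missing RestrictAnonymous value is assumed to mean 0.

```python
import configparser

# Well-known SIDs (and display names) for the two principals named in the post.
BROAD = {"s-1-1-0": "Everyone", "everyone": "Everyone",
         "s-1-5-11": "Authenticated Users",
         "authenticated users": "Authenticated Users"}
LSA_VALUE = r"MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous"

# Constructed sample in secedit template layout; not taken from a real host.
SAMPLE_INF = r"""
[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""

def audit(inf_text):
    """Return findings for RestrictAnonymous and SeNetworkLogonRight."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   strict=False)
    cp.read_string(inf_text)
    findings = []

    # Registry values are written as "<type>,<data>"; type 4 is REG_DWORD.
    raw = cp.get("Registry Values", LSA_VALUE, fallback=None)
    level = int(raw.split(",", 1)[1]) if raw else 0  # assumption: unset == 0
    if level < 2:  # 2 is the strictest RestrictAnonymous value on Windows 2000
        findings.append(f"RestrictAnonymous={level} (below 2)")

    # Holders are comma-separated; SIDs carry a leading "*".
    right = cp.get("Privilege Rights", "SeNetworkLogonRight", fallback="")
    for holder in right.split(","):
        key = holder.strip().lstrip("*").lower()
        if key in BROAD:
            findings.append(f"SeNetworkLogonRight granted to {BROAD[key]}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INF):
        print(finding)
```

Real exports are usually UTF-16, so decode the file with that encoding before passing its text to `audit`.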