Re: Restrict enumeration of account and policy info
From: Motherchucker (charles@NOSPAM.charleswjones.com)
Date: 03/27/03
- Previous message: Motherchucker: "Re: priority"
- In reply to: gmanslater: "Restrict enumeration of account and policy info"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Motherchucker" <charles@NOSPAM.charleswjones.com> Date: Thu, 27 Mar 2003 05:18:13 -0600
"gmanslater" <gmanslater@notsohotmailmaps.com> wrote in message
news:v65avf4857m19b@corp.supernews.com...
> Our people running ISS are enumerating account info on Windows 2000
> workstations as we only set RestrictAnonymous value to 1 and that isn't
> sufficient on W2K. I was thinking of remotely change workstation's
> SeNetworkLogonRight (Access this computer from network right) to remove
> everyone and authenticated user. Do you think this will be enough if
scanned
> from null user? If scanned with a domain user account? I have set
> SeNetworkLogonRight to just include Administrators on many without issue
as
> we have a policy against sharing out local files and printers. I haven't
> read much about problems after setting SeNetworkLogonRight so I thought I
> would ask.
>
> Slater
How about RestrictAnonymous = 2
Charles
- Previous message: Motherchucker: "Re: priority"
- In reply to: gmanslater: "Restrict enumeration of account and policy info"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
