Re: Restrict enumeration of account and policy info

From: Motherchucker (charles@NOSPAM.charleswjones.com)
Date: 03/27/03

    From: "Motherchucker" <charles@NOSPAM.charleswjones.com>
    Date: Thu, 27 Mar 2003 05:18:13 -0600
    
    

    "gmanslater" <gmanslater@notsohotmailmaps.com> wrote in message
    news:v65avf4857m19b@corp.supernews.com...
    > Our people running ISS are enumerating account info on Windows 2000
    > workstations as we only set RestrictAnonymous value to 1 and that isn't
    > sufficient on W2K. I was thinking of remotely changing workstations'
    > SeNetworkLogonRight (Access this computer from network right) to remove
    > everyone and authenticated user. Do you think this will be enough if scanned
    > from null user? If scanned with a domain user account? I have set
    > SeNetworkLogonRight to just include Administrators on many without issue as
    > we have a policy against sharing out local files and printers. I haven't
    > read much about problems after setting SeNetworkLogonRight so I thought I
    > would ask.
    >
    > Slater

    How about RestrictAnonymous = 2?

    Charles
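
An added example, not part of the original posts: a Python check that reads a security template exported with `secedit /export /cfg <file>` and reports on the two settings discussed in this thread, RestrictAnonymous and SeNetworkLogonRight. The function names and both sample templates are constructed for illustration.

```python
# Added example: audit an exported security template (sample data is constructed).
WEAK = {"s-1-1-0": "Everyone", "everyone": "Everyone",
        "s-1-5-11": "Authenticated Users",
        "authenticated users": "Authenticated Users"}
RA_KEY = r"machine\system\currentcontrolset\control\lsa\restrictanonymous"

def parse_inf(text):
    """Return {section: {key: value}} with lowercased section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections

def audit(text):
    """Return a list of findings for one exported template."""
    inf, findings = parse_inf(text), []
    # Registry values are stored as "<type>,<data>"; type 4 is REG_DWORD.
    raw = inf.get("registry values", {}).get(RA_KEY)
    try:
        level = int(raw.split(",", 1)[1])
    except (AttributeError, IndexError, ValueError):
        level = None
    if level is None:
        findings.append("RestrictAnonymous is not set in the template")
    elif level < 2:
        findings.append(f"RestrictAnonymous={level}, below the 2 suggested in the reply")
    right = inf.get("privilege rights", {}).get("senetworklogonright")
    if right is None:
        findings.append("SeNetworkLogonRight is not defined in the template")
    else:
        # Entries are "*<SID>" or an account name, separated by commas.
        for entry in right.split(","):
            name = WEAK.get(entry.strip().lstrip("*").lower())
            if name:
                findings.append(f"SeNetworkLogonRight is granted to {name}")
    return findings

# Constructed templates: the state described in the question, and a tightened one.
SAMPLE_WEAK = "[Registry Values]\n" + RA_KEY + "=4,1\n" \
    "[Privilege Rights]\nSeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544\n"
SAMPLE_HARDENED = "[Registry Values]\n" + RA_KEY + "=4,2\n" \
    "[Privilege Rights]\nSeNetworkLogonRight = *S-1-5-32-544\n"
```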

