Anonymous enumeration still enabled
- From: carfarmer@xxxxxxxxx
- Date: 2 Dec 2005 16:10:17 -0800
I am having a problem blocking anonymous enumeration on my Windows 2003
domain controller. I have applied all of the "network access" settings
that should prevent this in Group Policy (shown below). I have then
double-checked that these are applied in both secpol.msc and the
registry. However, I am still able to enumerate usernames and password
policies from a non-trusted client (not part of the domain) from a
completely different segment using a tool called "enum.exe". Any ideas
why I would still be able to enumerate? FYI... this server was not
upgraded from W2K... It was built fresh as a W2K3 DC.
Network access: Allow anonymous SID/Name translation|DISABLED
Network access: Do not allow anonymous enumeration of SAM
accounts|ENABLED
Network access: Do not allow anonymous enumeration of SAM accounts and
shares|ENABLED
Network access: Let Everyone permissions apply to anonymous
users|DISABLED
Network access: Named pipes can be accessed anonymously|DISABLED
Network access: Restrict anonymous access to Named Pipes and
shares|ENABLED
.
- Follow-Ups:
- Re: Anonymous enumeration still enabled
- From: Steven L Umbach
- Re: Anonymous enumeration still enabled
- Prev by Date: Re: Administrator Reset
- Next by Date: Re: Access to Secure "Documents & Settings" in Removed Hard drive
- Previous by thread: Re: Administrator Reset
- Next by thread: Re: Anonymous enumeration still enabled
- Index(es):
Relevant Pages
|
