Re: Security Audit

From: Steven L Umbach (n9rou_at_attbi.com)
Date: 05/19/03


Date: Mon, 19 May 2003 00:36:03 GMT


Hi Phil. It sounds like they are concerned about the anonymous
users/null session weakness or possibly the everyone group in NTFS
permissions or user rights. But again, there is not much you can do with W98
computers on the network. The one setting in security options - "additional
restrictions for anonymous connections" can only be set to "do not allow to
enumeration". The most restrictive setting "no access without explicit
anonymous permissions" will give you problems with down-level clients - I
believe they will not be able to change their passwords. Even with an all
W2K network, the most restrictive setting is reported to cause problems in
some situations. --- Steve

http://support.microsoft.com/?kbid=246261

"Phil" <pmarg@charter.net> wrote in message
news:Xns937F8495925pmargcharternet@65.82.44.187...
> OK. I'm just going to have to ask them what they expect me to do.
> Apparently, the best way to do this is get rid of all Win9x machines. We
> are on an upgrade path of 16 computers every quarter. This could take a
> while with about 150 machines still running Win9x.
>
> On to another item in the same security audit. We are running a Win2K AD
> domain with 2 domain controllers. Both DCs were flagged for the following
> vulnerability:
>
> LDAP null base returns information. Unauthorized access to files and
> folders. Set up an access list control to prevent users from dumping the
> base of the tree or issuing a request without knowing the base object.
>
> From what I can gather from my search on Google, this is purposely open to
> anonymous access for AD to function properly. Anyone know of a way to lock
> this down without decreasing the functionality of AD?
>
> -Phil
>


