Re: Deny all anonymous

From: Steven L Umbach (sumbach55_at_ameritech.net)
Date: 11/28/03

  • Next message: Steven L Umbach: "Re: IPSEC Between two PCs in Win2K" 
    Date: Thu, 27 Nov 2003 23:28:38 GMT

    This is accomplished with a firewall, acls permissions, security options,
    and user rights assignments. A firewall is the best way to block access to
    null sessions from untrusted networks. For within your network you can
    replace the everyone and users group with the authenticated users in acls
    and user rights assignments and harden the security option for additional
    restrictions for anonymous users to no access without explicit anonymous
    permissions. However I would not recommend changing that security option to
    setting "2" for a mixed network as you will have problems especially with
    password changes [including XP clients] and spotty performance of network
    browsing . See the KB link below for the ramifications of restricting
    anonymous access to strictest setting and I suggest you read the Windows
    2000 Security Hardening Guide for specific recommendations that involve
    different network makeups.. --- Steve

    http://support.microsoft.com/?kbid=246261
    http://tinyurl.com/vgd5

    "Bill W." <anonymous@discussions.microsoft.com> wrote in message
    news:020c01c3b51c$f3c93f30$a101280a@phx.gbl...
    > Hi,
    >
    > I want to deny all and/or any anonymous access to any
    > services, workstations, and clients. Also I don't want to
    > allow null anything,(pipes, shares, etc.). I have a win2k
    > advanced netowrk with mixed clients and servers. Clients
    > are Win98Se, Win2kPro, WinXP Pro. Servers are
    > Win2kAdvanced, Win2003Standard, WinNT 4.0.
    >
    > Any info is helpfull. Thank you.

  • Next message: Steven L Umbach: "Re: IPSEC Between two PCs in Win2K"