Restricting anonymous LDAP enumeration Windows 2000

From: JC (
Date: 09/09/04

Date: Thu, 9 Sep 2004 00:05:32 -0400


Is there a way to restrict anonymous LDAP enumerations within a Windows 2000
mixed mode Active Directory environment? We ran a security scan and this
topic came up as a security risk so I am trying to restrict anonymous users
access to LDAP information.

Also, should everyone have read access permissions settings to the default
domain ( in Active directory Users and computers? I am not
sure if everyone should have read access. Please advise. Thanks.