Restricting anonymous LDAP enumeration Windows 2000

From: JC (chanj_at_covad.net)
Date: 09/09/04


Date: Thu, 9 Sep 2004 00:05:32 -0400

Hello,

Is there a way to restrict anonymous LDAP enumerations within a Windows 2000
mixed mode Active Directory environment? We ran a security scan and this
topic came up as a security risk so I am trying to restrict anonymous users
access to LDAP information.

Also, should everyone have read access permissions settings to the default
domain (mydomain.com) in Active directory Users and computers? I am not
sure if everyone should have read access. Please advise. Thanks.

JC



Relevant Pages

  • Restricting anonymous LDAP enumeration Windows 2000
    ... Is there a way to restrict anonymous LDAP enumerations within a Windows 2000 ... We ran a security scan and this ... topic came up as a security risk so I am trying to restrict anonymous users ... domain in Active directory Users and computers? ...
    (microsoft.public.win2000.active_directory)
  • RE: Restricting anonymous LDAP enumeration Windows 2000
    ... > Is there a way to restrict anonymous LDAP enumerations within a Windows 2000 ... > topic came up as a security risk so I am trying to restrict anonymous users ... > domain in Active directory Users and computers? ...
    (microsoft.public.win2000.active_directory)
  • RE: Restricting anonymous LDAP enumeration Windows 2000
    ... > Is there a way to restrict anonymous LDAP enumerations within a Windows 2000 ... > topic came up as a security risk so I am trying to restrict anonymous users ... > domain in Active directory Users and computers? ...
    (microsoft.public.win2000.security)
  • Re: Grant Administrative Access to a Domain Controller
    ... Anyone with a good understanding of AD and Windows security will easily see ways of compromising the environment. ... Do not give enhanced rights to Domain Controllers to anyone you don't trust with Domain and/or Enterprise Admins. ... Just know that minimal access can be parlayed into even more access and try as you might, you cannot secure Active Directory from people with server operator or admin or several other levels of access rights on a DC. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Grant Administrative Access to a Domain Controller
    ... MPerrault suggested security, you said "IT CAN BE DONE WITHOUT ANY FANCY ... Joe Richards Microsoft MVP Windows Server Directory Services ... Author of O'Reilly Active Directory Third Edition ... Controller Security Policy are also options to log on as a service, ...
    (microsoft.public.windows.server.active_directory)