Re: Restrict Anonymous Key

• Previous message: Steven L Umbach: "Re: Security Checklist"
• In reply to: Andy: "Restrict Anonymous Key"
• Next in thread: Karl Levinson [x y] mvp: "Re: Restrict Anonymous Key"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 17 Sep 2004 22:28:15 GMT

It probably is configured in the security policy for the domain controllers and
policy refreshed itself. Go to Domain Controllers Security Policy/security
settings/local policies/security options and I believe it is the first option -
additional restrictions for anonymous connections. Set it to do not allow anonymous
enumeration of sam account and shares. I believe that setting will work and is
equivalent to the registry setting of 1. None rely on default permissions is the same
as 0 which will work for sure. After done run secedit/refreshpolicy machine_policy
/enforce on your domain controller. Read more about that setting in table 4.6 in the
link below including an availability of a hotfix. --- Steve

http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx

"Andy" <aclelland.nospam@rivermarkcu.org> wrote in message
news:197901c49ccf$f08bbeb0$a301280a@phx.gbl...
> Hello group, my question concerns the Restrict Anonymous
> setting in Windows 2000. We have Windows XP and Windows
> 2000 as our desktop OS and Server 2003 installed on some
> application servers and 2000 as the DC. I set the
> Restrict Anonymous registry key on the DC's to a vaule of
> 0 to allow users with Windows XP to change their password
> when it expires. However, the Registry Setting changes to
> a value of 2 overnight. How do you either prevent the
> registry key from changing or allow Windows XP users to
> access the DC when the key is set to a value of 2?
>
> Thanks for your information

• Previous message: Steven L Umbach: "Re: Security Checklist"
• In reply to: Andy: "Restrict Anonymous Key"
• Next in thread: Karl Levinson [x y] mvp: "Re: Restrict Anonymous Key"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Win98 suddenly wont connect to 2003 domain. ... Make sure you can ping the domain controllers ... and wins server by name from the W98 computers. ... Security policy in security options check that "lan manager authentication ... Our clients are a mix of Windows XP and Windows 98. ... (microsoft.public.windows.server.networking) Recommended Group Policy for Mixed W2K W2K3 Domain Controllers ... When you have domain controllers that are both Windows 2000 and Windows 2003 ... security policy to that OU that is specific to Windows 2003? ... Service and Local Service users, which exist only in Windows 2003. ... (microsoft.public.windows.server.active_directory) Re: Domain Local group and Require strong. GPO Problem ... Microsoft MVP (Windows Server System: ... >> controller that is not capable of encrypting secure channel traffic with ... >> that all such domain controllers must be running Windows 2000 or later ... >> Session keys used to establish secure channel communications between ... (microsoft.public.win2000.security) Re: Group Policy broke my DCs ... to be very careful with tweaking services on domain controllers. ... Group Policy - security policy at the OU level which makes it much easier to ... complied from the Windows 2003 Server Security guide for baseline core ... Server - automatic ... (microsoft.public.windows.group_policy) Re: Group Policy broke my DCs ... > need to be very careful with tweaking services on domain controllers. ... > Group Policy - security policy at the OU level which makes it much easier ... > is complied from the Windows 2003 Server Security guide for baseline core ... (microsoft.public.windows.group_policy)