Re: Null Sessions

From: jwgoerlich@xxxxxxxxx
Date: Fri, 13 Jul 2007 13:55:18 -0700

Sure, send the .exe to my jwgoerlich@xxxxxxxxx account.

On Jul 13, 4:20 pm, Dan Moesch <DanMoe...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

I am mapping to IPC$ and retrieving the user list with my vuln. scanner.
I could send the .exe over to you? I run it with no credentials and I get
the user list everytime.

"jwgoerl...@xxxxxxxxx" wrote:

Hello Dan,

I would be happy to try and reproduce this on a test Windows 2000
machine. How are you checking for null sessions? What are you running
that shows these are still present after setting the registry key?

Regards,

J Wolfgang Goerlich

On Jul 13, 4:00 pm, Dan Moesch <DanMoe...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

I am trying to determine what is causing all of my W2K servers to be allowing
"Null Sessions".
I have changed the "restrictanonymous" reg values to 2 and check the local
policy settings on the servers per this ms doc:http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b246261

Evidently something is still causing these servers to respond to "Null
Sessions". The Windows 2003 servers that have the same GPO settings do not
respond to the Null Session requests?

Anyone ever see this before?

Thanks!
Dan- Hide quoted text -

- Show quoted text -

References:
- Re: Null Sessions
  - From: jwgoerlich

Prev by Date: Re: Null Sessions
Next by Date: Re: How do I request user right: SeShutdownPrivilege
Previous by thread: Re: Null Sessions
Next by thread: Re: Null Sessions
Index(es):
- Date
- Thread

Relevant Pages

Re: Null Sessions
... I would be happy to try and reproduce this on a test Windows 2000 ... How are you checking for null sessions? ... Evidently something is still causing these servers to respond to "Null ... The Windows 2003 servers that have the same GPO settings do not ...
(microsoft.public.windows.server.security)
Re: VS2005 compatibility
... Paul T. ... I know the Link have the Heap and Stack memory settings. ... The EXE could really be bad. ... You say "I can download the program to the target device to run ...
(microsoft.public.windowsce.app.development)
Re: Automatic log-off for certain accounts
... User Configuration - Administrative templates - Windows Components ... "Set time limit for disconnected sessions" ... "Sets a time limit for active Terminal Services sessions" ... If both settings are configured, ...
(microsoft.public.windows.terminal_services)
Re: Can this be done?
... That's got a great primer on attaching multiple applications to a single ActiveX EXE, and some of the issues involved. ... access the already created ActX DLL to read settings that are already set. ... Obviously I can use my second EXE to create an instance of that DLL, ...
(microsoft.public.vb.general.discussion)
Re: mapped printer settings do not carry over
... I should have added that the users connect to the Terminal Server over a VPN ... But once the users have configured the printers in their sessions, ... the settings should be cached nd available for later sessions. ...
(microsoft.public.windows.terminal_services)