SAMR named pipe

---

• From: adrianwheway@xxxxxxxxxxx
• Date: Thu, 31 Jan 2008 07:35:51 -0800 (PST)

---

Hi there,

On my Windows 2003 servers I prevent anonymous sid and name
translation, I do not allow anonymous enumeration of SAM accounts or
shares and I do not allow the everyone permission to apply to
anonymous users. I also do not allow any named pipes to be accessed
anonymously.

I have an application that manages passwords and in order to change
the passwords of accounts on remote servers across the network, the
target servers must allow anonymous access to the named pipe SAMR.

Are there any serious security implications if I allow anonymous
access to the SAMR named pipe, but keep the other restrictions in
place?

Thanks,
Adrian.
.

---

• Follow-Ups:
  • Re: SAMR named pipe
    • From: Lognoul, Marc [Private]

• Prev by Date: Re: How to not allow user move folders accidentially in MS server 2003?
• Next by Date: Re: Extend Root CA cert lifetime
• Previous by thread: How to not allow user move folders accidentially in MS server 2003?
• Next by thread: Re: SAMR named pipe
• Index(es):
  • Date
  • Thread

---

Relevant Pages SAMR named pipe ... On my Windows 2003 servers I prevent anonymous sid and name ... I do not allow anonymous enumeration of SAM accounts or ... target servers must allow anonymous access to the named pipe SAMR. ... (microsoft.public.windows.group_policy) Searching for remoted service ... The client application uses SHBrowseForFolder standard Windows dialog to ... permitting the client to select a server to which to attempt a connection. ... The named pipe in this case is managed by a Windows ... client to make requests from one or more servers. ... (microsoft.public.dotnet.languages.csharp)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2008-01