Which ports are accessible through the firewall?

I believe you are referring to anonymous enumeration of accounts, which can be disabled through group policy or the local security policy. It doesn't show active accounts; that would require the Terminal Services Manager, which you could simply look at to see what ports it is connecting through and block those. You can use TCPView by Sysinternals to see this information.

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Beckett
Sent: Wednesday, December 08, 2004 10:29 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Exploit

Hoping that someone can help me remember what this exploit was or how it is run. I'm trying to show my boss that this vulnerability exists, but he is skeptical, and I know that I've done it before, but it was a couple of years back....

We are running W2K terminal server and this box is behind a firewall but accessible from the internet. There is an exploit out there that can be run against the machine's external IP that will return all local accounts active on that server.

Does anyone know what I'm referring to?