[THIN] Re: Question on RemoteAnonymous

• From: "Andrew Wood" <andrew.wood@xxxxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Thu, 19 Jul 2007 11:13:16 +0100

Cheers Tony, 

 

M$ should fix their baseline security analyser as well then J

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Anthony_Baldwin@xxxxxxxxx
Sent: 13 July 2007 14:29
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Question on RemoteAnonymous

 


Andrew, 

According to
<http://technet2.microsoft.com/windowsserver/en/library/6361e9c2-73ad-49c3-a
012-6d09cebd31611033.mspx?mfr=true>
http://technet2.microsoft.com/windowsserver/en/library/6361e9c2-73ad-49c3-a0
12-6d09cebd31611033.mspx?mfr=true 

The restrictanonymous = 2 setting is not supported in 2003. 

And you should use the EveryoneIncludesAnonymous setting to control
anonymous access to 'other securable objects'. 

Tony 





"Andrew Wood" <andrew.wood@xxxxxxxxxxxxxxxx> 
Sent by: thin-bounce@xxxxxxxxxxxxx 

07/12/2007 11:33 AM 


Please respond to
thin@xxxxxxxxxxxxx


To

<thin@xxxxxxxxxxxxx> 


cc

        

Subject

[THIN] Re: Question on RemoteAnonymous

 

                




Of course, that should all have said 'restrictanonymous' -  but you get the
jist 
  
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Andrew Wood
Sent: 12 July 2007 16:30
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Question on RemoteAnonymous 
  
Hi, 
  
I've been tasked with disable Null Netbios sessions, not a particular
problem, set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa to
dword 2 
  
However, while this *was* possible as a Group Policy in W2k, in W2k3 we have

  
  Computer Configuration==>Windows Settings==>Security Settings==>Local   
  Policies==>Security Options 
  
  Network access: Do not allow anonymous enumeration of SAM accounts and   
  shares 
  
Possible settings for this policy are only..  Enabled and Disabed 
  
This policy also corresponds to the registry entry,
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa = 1 or 0. 
  
:? 
  
So.. 
  
Is it that I have to mess about creating a new policy template, or has
someone got one already? 
  
Tia. 
  
  
  
 Andrew 
  
  
  
  


Gilwood CS Ltd 
Registered Office :  197 Leechmere Road, Sunderland, UK, SR2 9DL. No.
6099397 England


  

• References:
  • [THIN] Re: Question on RemoteAnonymous
    • From: Andrew Wood
  • [THIN] Re: Question on RemoteAnonymous
    • From: Anthony_Baldwin

Other related posts:

• » [THIN] Question on RemoteAnonymous
• » [THIN] Re: Question on RemoteAnonymous
• » [THIN] Re: Question on RemoteAnonymous
• » [THIN] Re: Question on RemoteAnonymous

1. Home
2. thin
3. Archive
4. 07-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---