Some of our w2k mfpsv3 servers got the esbot infection. Part of the clean up is to set 5. Check if removal tool did this already - Modify the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and set "restrictanonymous" = "0" I don't know much about this but was wondering if any of you have done this and not had any problems? It is currently 1 on all our servers including the ones infected. Thanks