Restrict anonymous access to shares, enumeration of SAM accounts and shares, etc, named pipes.
Of course test it in your environment first.

Rob

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: 20 August 2004 16:56
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] A better way to do this.

I see some that look like it but I am not 100% sure which one I need to use.

Ryan McDonald
Systems Administrator
The Bankers Bank
770-805-2304

"Robert Rutherford" <RobertRutherford@modrus.com>
Sent by: [EMAIL PROTECTED]
08/20/2004 11:45 AM
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: RE: [ActiveDir] A better way to do this.

Sorry.. If you want to deploy it via GPO that is.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Rutherford
Sent: 20 August 2004 16:42
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] A better way to do this.

It's under :-

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

BR
Rob

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: 20 August 2004 16:34
To: [EMAIL PROTECTED]
Subject: [ActiveDir] A better way to do this.

Okay, I am going through all of the Local Security Policies and setting the "additional restrictions for anonymous connections" to "No access without explicit anonymous permissions".

Now the question I have is: I think in the past I found somewhere I can set it for all the servers through a GPO or something like that. Does anyone know where I would set this at without having to go to all 75 servers and do it 1 by 1?

Below are the steps that I am using now.

Local Security Policy MMC Snap-In

1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.

   NOTE: If you cannot perform this step because "Administrative Tools" does not show up in the Program list, then click Start, point to Settings, point to Control Panel, click Administrative Tools, and then click Local Security Policy. Then proceed to step two.

2. Under Security Settings, double-click Local Policies, and then click Security Options.

3. Double-click Additional restrictions for anonymous connections, and then click No access without explicit anonymous permissions under Local policy setting.

4. Restart the member computer or domain controller for the change to take effect.

Ryan McDonald
Systems Administrator
The Bankers Bank
770-805-2304
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
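
Once the setting is pushed by GPO and the servers have restarted, each one can be checked without visiting it. The script below is an added example, not part of the thread: it assumes the Windows 2000 setting "Additional restrictions for anonymous connections" is stored as the `RestrictAnonymous` DWORD under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, that Remote Registry is reachable with admin rights, and it uses placeholder server names.

```powershell
# Added example (not from the thread): audit RestrictAnonymous over Remote Registry.
# Assumptions: server names are constructed placeholders; the caller has admin
# rights and the Remote Registry service is reachable on every host.
$Servers  = @('SRV01', 'SRV02', 'SRV03')   # constructed sample names
$Expected = 2                              # value the thread wants everywhere
$Meaning  = @{
    0 = 'None. Rely on default permissions'
    1 = 'Do not allow enumeration of SAM accounts and shares'
    2 = 'No access without explicit anonymous permissions'
}

function Get-RestrictAnonymous {
    param([Parameter(Mandatory)][string]$ComputerName)
    $hklm = $null; $lsa = $null
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $lsa   = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa')
        $value = $lsa.GetValue('RestrictAnonymous', $null)
        if ($null -eq $value) {
            $status = 'NotSet'; $text = 'value missing (treated as not restricted)'
        } else {
            $status = if ($value -eq $Expected) { 'OK' } else { 'Mismatch' }
            $text   = if ($Meaning.ContainsKey([int]$value)) { $Meaning[[int]$value] }
                      else { 'unrecognised value' }
        }
    } catch {
        # Unreachable host, access denied, or Remote Registry stopped
        $value = $null; $status = 'Error'; $text = $_.Exception.Message
    } finally {
        if ($lsa)  { $lsa.Close() }
        if ($hklm) { $hklm.Close() }
    }
    [pscustomobject]@{
        Server = $ComputerName; Value = $value; Status = $status; Detail = $text
    }
}

$report = $Servers | ForEach-Object { Get-RestrictAnonymous -ComputerName $_ }
$report | Sort-Object Status, Server | Format-Table -AutoSize

# Servers that still need attention (policy not applied, not restarted, or unreachable)
$report | Where-Object { $_.Status -ne 'OK' } | Select-Object -ExpandProperty Server
```

Servers reported as `Error` are not confirmed either way and should be rechecked rather than assumed compliant.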
