> Depending on the services your systems are required to provide, it may be
> possible for you to restrict or disable anonymous null sessions on your
> Windows 2000 hosts. This can be done through the
>
> HKLM\SYSTEM\CurrentControlSet\Control\LSA key with the following parameters:
>
> Value: RestrictAnonymous
> Value Type: REG_DWORD
> Value Data: 0x1 or 0x2 (Hex)
> According to Microsoft Knowledge Base Article Q246261, this key can take on
> the following values:
>
> 0x0 = None. Rely on default permissions
> 0x1 = Do not allow enumeration of SAM accounts and names
> 0x2 = No access without explicit anonymous permissions

Be extremely careful with this on a DC with Exchange on it. There is an update, but if you do not have the update and you set it to anything other than 0x0, the Exchange service will stop dead in its tracks. (I speak from experience.)

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
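
Added example, not part of the original messages: a Python audit of the RestrictAnonymous value across hosts that also holds back a DC with Exchange until the update mentioned above is confirmed. It assumes each host's `reg query` output for the LSA key was captured as text in the layout shown; the host names, the exchange_dcs inventory and the sample captures are constructed.

```python
import re

# Meanings as quoted in this thread from Knowledge Base article Q246261.
MEANING = {
    0: "None. Rely on default permissions",
    1: "Do not allow enumeration of SAM accounts and names",
    2: "No access without explicit anonymous permissions",
}
# Only a REG_DWORD hex value counts; a missing value, a wrong type or
# reg.exe error text simply does not match.
VALUE_RE = re.compile(
    r"^\s*RestrictAnonymous\s+REG_DWORD\s+(0x[0-9a-f]+)\s*$", re.I | re.M)

def parse_restrict_anonymous(reg_output):
    """Return the DWORD as an int, or None if absent or malformed."""
    m = VALUE_RE.search(reg_output)
    return int(m.group(1), 16) if m else None

def audit(outputs, exchange_dcs=frozenset()):
    """Map host -> (value, finding) from captured reg query text per host."""
    report = {}
    for host, text in outputs.items():
        value = parse_restrict_anonymous(text)
        if value in (1, 2):
            finding = "restricted: " + MEANING[value]
        elif host in exchange_dcs:
            # Caveat from the reply: do not change this host blindly.
            finding = "hold: confirm the Exchange update before setting 0x1 or 0x2"
        elif value == 0:
            finding = "open: " + MEANING[0]
        else:
            finding = "review: no valid REG_DWORD value of 0x0, 0x1 or 0x2 found"
        report[host] = (value, finding)
    return report

# Constructed sample captures (hypothetical hosts, not from the thread).
KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\LSA\n"
SAMPLE = {
    "FS01": KEY + "    RestrictAnonymous    REG_DWORD    0x1\n",
    "WEB02": KEY + "    RestrictAnonymous    REG_DWORD    0x0\n",
    "DC01": "ERROR: The system was unable to find the specified registry key or value.\n",
    "APP03": KEY + "    RestrictAnonymous    REG_SZ    1\n",
}

if __name__ == "__main__":
    for host, (value, finding) in sorted(audit(SAMPLE, {"DC01"}).items()):
        print(host, value, finding)
```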
