On Thu, Apr 11, 2002 at 04:59:12PM +0200, Schaffner, Andreas wrote:
> Hi,
>
> I read a lot about this, but i don�t know what you mean with RA=2.
> What ist that? I traced the traffic in a Null Session scann but find nothing
> like RA=" or something else.
It means that the key RestrictAnonymous has been set to 2 in
HKLM\CurrentControlSet\Control\LSA
If set to 1 (the only choice for WindowsNT), then NULL sessions will be
prevented some system calls (like "GiveMeTheListOfUsersOnThisHost()")
but it won't prevent "sid walking" ("WhoIsUserWithUid(uid)"), which
allows us to obtain the same result (albeit more slowly).
If set to 2, (Win2K and above), then NULL sessions won't be able to
connect to IPC$, which is needed to communicate with the remote OS. So
it's not possible to obtain any user information about the remote host
at all.
-- Renaud
