On Thu, May 30, 2002 at 05:13:20PM +1000, Tim Potter wrote: > I'm thinking about taking back the restrict anonymous parameter and > using it to do Good Things. Previously in HEAD and currently in 2.2 it > stops people connecting to shares anonymously but I think Mr Bartlett > removed it because it was either buggy or didn't do anything useful. > > I propose that this parameter act like the RestrictAnonymous registry > setting, i.e it prevents anonymous access to the SAMR pipe and anonymous > access to the NetShareEnum RPC when set to 1. When set to 2, it > disallows anonymous access to all RPC pipes. > > Any objections? There's still some more testing and coding to be done. > This may be a good opportunity to implement security descriptors on > pipes.
Hurrah for Tim ! Good idea :-). Jeremy.
