Can't disable anonymous enumeration
- From: carfarmer@xxxxxxxxx
- Date: 2 Dec 2005 16:32:18 -0800
I am having a problem blocking anonymous enumeration on my Windows 2003
domain controller. I have applied all of the "network access" settings
that should prevent this in Group Policy (shown below). I have then
double-checked that these are applied in both secpol.msc and the
registry. However, I am still able to enumerate usernames and password
policies from a non-trusted client (not part of the domain) from a
completely different segment using a tool called "enum.exe". Any ideas
why I would still be able to enumerate? FYI... this server was not
upgraded from W2K... It was built fresh as a W2K3 DC.

Network access: Allow anonymous SID/Name translation|DISABLED
Network access: Do not allow anonymous enumeration of SAM accounts|ENABLED
Network access: Do not allow anonymous enumeration of SAM accounts and shares|ENABLED
Network access: Let Everyone permissions apply to anonymous users|DISABLED
Network access: Named pipes can be accessed anonymously|DISABLED
Network access: Restrict anonymous access to Named Pipes and shares|ENABLED
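
Added example, not part of the original post: one way to confirm what the domain controller has actually applied is to export its effective policy with `secedit /export /cfg policy.inf` and compare it with the six settings listed above. The sample export is constructed, and treating "Named pipes can be accessed anonymously|DISABLED" as an empty NullSessionPipes list is an assumption.

```python
# Added example: compare a `secedit /export /cfg policy.inf` dump with the
# six "Network access" values listed in the post. Names are lowercased.
LSA = "machine\\system\\currentcontrolset\\control\\lsa\\"
SRV = "machine\\system\\currentcontrolset\\services\\lanmanserver\\parameters\\"
EXPECTED = {
    "lsaanonymousnamelookup": "0",           # SID/Name translation: DISABLED
    LSA + "restrictanonymoussam": "1",       # no anonymous SAM enumeration
    LSA + "restrictanonymous": "1",          # ... of SAM accounts and shares
    LSA + "everyoneincludesanonymous": "0",  # Everyone excludes anonymous
    SRV + "nullsessionpipes": "",            # assumption: DISABLED = empty list
    SRV + "restrictnullsessaccess": "1",     # restrict pipes and shares
}

def parse_export(text):
    """Return {lowercased name: value} from [System Access] and [Registry Values]."""
    found, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line and section in ("system access", "registry values"):
            name, value = (p.strip() for p in line.split("=", 1))
            if section == "registry values":
                # Registry lines read "<type code>,<data>"; keep only the data.
                value = value.split(",", 1)[1] if "," in value else ""
            found[name.lower()] = value.strip('"')
    return found

def audit(text):
    """Return (name, expected, actual) for each setting that differs or is absent."""
    found = parse_export(text)
    return [(k, v, found.get(k)) for k, v in EXPECTED.items() if found.get(k) != v]

# Constructed sample, not output from the poster's server.
SAMPLE = r"""[Unicode]
Unicode=yes
[System Access]
LSAAnonymousNameLookup = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7,netlogon,samr,lsarpc
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
"""

if __name__ == "__main__":
    for name, want, got in audit(SAMPLE):
        print(f"MISMATCH {name}: expected {want!r}, found {got!r}")
```

The export file is typically written as UTF-16, so decode it before passing its text to audit().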