Enumeration of SAM and/or shares on 2003 DC
From: Derek Melber [MVP] (derekm_at_braincore.net)
Date: 04/22/04
- Next message: JulienGenevee: "Changing password in Active Directory 2003 using java LDAP"
- Previous message: Mike: "Adding a second domain controller"
- Next in thread: Richard Sweetnam: "Re: Enumeration of SAM and/or shares on 2003 DC"
- Reply: Richard Sweetnam: "Re: Enumeration of SAM and/or shares on 2003 DC"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 22 Apr 2004 14:39:33 -0700
I am wondering if anyone has found a tool that can successfully enumerate the list of users or shares from a Windows Server 2003 DC, using null credentials (net use \\server\ipc$ /u:"" "") on a box that is not associated with the domain? With Windows 2000 DCs, you can do this as long as you don't have the RestrictAnonymous setting set to 2. With Windows Server 2003 DCs, I find that even a setting of 0 for both the RestrictAnonymous and RestrictAnonymousSAM settings don't allow this enumeration. (Windows 2003 does not support the value of 2 for RestrictAnonymous, so this is not the cause of the action.)
I have used the following tools to accomplish this, but none provide the results:
enum.exe
Dumpsec.exe
GFI Languard
GetAcct.exe
All result in a Access Denied when attempting to gather the SAM or shares.
-- Derek Melber BrainCore.Net derekm@braincore.net
- Next message: JulienGenevee: "Changing password in Active Directory 2003 using java LDAP"
- Previous message: Mike: "Adding a second domain controller"
- Next in thread: Richard Sweetnam: "Re: Enumeration of SAM and/or shares on 2003 DC"
- Reply: Richard Sweetnam: "Re: Enumeration of SAM and/or shares on 2003 DC"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
