Re: *prevent* ldap enumeration for domain user

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Massimo" <barone@xxxxxxxxx>
• Date: Sat, 29 Nov 2008 07:51:47 +0100

---

"scubaal" <al@xxxxxxxxxx> ha scritto nel messaggio news:538dd946-3677-4e59-b163-9af0dfdd30b8@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

c) problem is that if the domain account can log in *then* the same
credentials *could* be used to enumerate the ldap info from the entire
domain (we think). This would cause us security issues.

What kind of security issues?
Is it really a big trouble if those users can enumerate domain user accounts?
They won't have (by default) any write/modify right, so what could actually be an issue here?


Massimo

.

---

• References:
  • *prevent* ldap enumeration for domain user
    • From: scubaal
  • Re: *prevent* ldap enumeration for domain user
    • From: Meinolf Weber
  • Re: *prevent* ldap enumeration for domain user
    • From: scubaal

• Prev by Date: Re: Diskpart batch in AD startup script policies
• Next by Date: AD Sites service not replicate
• Previous by thread: Re: *prevent* ldap enumeration for domain user
• Next by thread: RE: *prevent* ldap enumeration for domain user
• Index(es):
  • Date
  • Thread

---

Relevant Pages Dynamic Checking of Roles - Enterprise Services ... security in ASP.net. ... since I am trying to create a base class ... I basically am looking for a way to enumerate the ... And by standardizing the method level checks, ... (microsoft.public.dotnet.framework.aspnet.security) RE: Modem detection in a LAN ... When doing research for a RestrictAnonymous article for Security Focus, ... wrote a series of little apps to enumerate net info with the NULL ... With NT4 boxes, the tool was great as it could run against a machine as ... (Pen-Test)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2008-11