Re: Where to Enable the Restricting NULL policies Settings
- From: Charles <Charles@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 18 Sep 2009 05:55:02 -0700
Hi Florian:
Thanks for the response. I do understand the policies and have read about
them as well. Just want to make sure.
Thanks much!
"Florian Frommherz [MVP]" wrote:
Charles,.
Charles schrieb:
Question about where to set the two network access policies called:
“Do not allow anonymous enumeration of SAM accounts and shares” and “Do not
allow anonymous enumeration of SAM”. If I want to prevent users from having
access to only 5 servers in the domain would I just enable these settings on
those 5 servers only? Initially I thought that this needed to be set on the
domain controllers only which would prevent this type of NULL access for all
servers in the domain since the accounts live on the DCs. But now I’m
thinking it only needs to be set on the servers that require this
restriction. Is this correct?
have you read the Explain texts of the policies? Just asking - people
sometimes get confused by those two policies and their use. Assuming you
know what these two policies are about, I suggest you enable these
settings on the five servers only. The best way to accomplish this is
create a new OU and move the five servers in there. Then apply a Group
Policy to it and enable the settings.
Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
- References:
- Where to Enable the Restricting NULL policies Settings
- From: Charles
- Re: Where to Enable the Restricting NULL policies Settings
- From: Florian Frommherz [MVP]
- Where to Enable the Restricting NULL policies Settings
- Prev by Date: DNS AD Integrated Changing
- Next by Date: Re: RODC Replication
- Previous by thread: Re: Where to Enable the Restricting NULL policies Settings
- Next by thread: RE: windows 2008 dc and trust
- Index(es):
Relevant Pages
|
