Home page logo
/

basics logo Security Basics mailing list archives

Enterprise fallout from RestrictAnonymous
From: "Chewy Gravy" <chewygravy () gmail com>
Date: Tue, 14 Mar 2006 09:03:09 -0500

Does anyone have experience with an enterprise-wide reset of the
RestrictAnonymous registry value from 0 to 1? This would include NT,
200 and 2003 servers - I'm wondering if there are any gotcha's we
should be aware of in real-world deployment of such a change. Because
we have a mixed environment, I don't believe we can safely set
RestrictAnonymous to 2 without breaking a lot of downstream servers.

MS has this helpful article:
http://support.microsoft.com/kb/890161/?sd=RMVP&fr=1#XSLTH3165121123120121120120

which also makes me wonder if setting the value to 1 is of any use -
won't any auditor worth their salt use the tools that can still
enumerate accounts unless the value is set to 2?

Thanks

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]