Restrict Anonymous access

Secure Home | Search | About

Lost Password?

Microsoft Applications Security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject

Author

Date

Restrict Anonymous access

Shijo Michael

11-05-2006

Re: Restrict Anonymous access

Steve Riley [MS...

11-05-2006

Posted by =?Utf-8?B?U2hpam8gTWljaGFlbA== on November 5, 2006, 5:05 am

If you were Registered and logged in, you could reply and use other advanced thread options

Recently we have done a security Audit,

As per their recommendation we need to change RestricAnonymous Registry
settings to
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\LSA set to 1,
to prevent access to systems null credentials

Currently it is
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\LSA set to 0

What will be the impact if we changed to 1, any application will have
issues ?(IIS,Exchnage,OWA,etc...),

Please help......

Posted by Steve Riley [MSFT] on November 5, 2006, 3:08 pm

If you were Registered and logged in, you could reply and use other advanced thread options

: quoted-printable

Lots of information in the KB.

http://search.support.microsoft.com/search/default.aspx?query=3Drestricta=
nonymous

______________________________________________________
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

Recently we have done a security Audit,

As per their recommendation we need to change RestricAnonymous =
Registry=20
settings to=20
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\LSA set to 1,
to prevent access to systems null credentials

Currently it is
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\LSA set to 0

What will be the impact if we changed to 1, any application will have =

issues ?(IIS,Exchnage,OWA,etc...),

Please help......
------=_NextPart_000_001B_01C700D3.1423F9F0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dwindows-1252">
<STYLE></STYLE>

<META content=3D"MSHTML 6.00.5750.0" name=3DGENERATOR></HEAD>
<BODY id=3DMailContainerBody=20
style=3D"PADDING-RIGHT: 10px; PADDING-LEFT: 10px; FONT-SIZE: 12pt; =
COLOR: #000000; PADDING-TOP: 15px; FONT-FAMILY: Cambria"=20
bgColor=3D#ffffff leftMargin=3D0 topMargin=3D0 CanvasTabStop=3D"true" =
acc_role=3D"text"=20
name=3D"Compose message area">
<DIV>Lots of information in the KB.</DIV>
<DIV> </DIV>
<DIV><A=20
title=3Dhttp://search.support.microsoft.com/search/default.aspx?query=3Dr=
estrictanonymous=20
href=3D"http://search.support.microsoft.com/search/default.aspx?query=3Dr=
estrictanonymous">http://search.support.microsoft.com/search/default.aspx=
?query=3Drestrictanonymous</A></DIV>
<DIV><BR>______________________________________________________<BR>Steve =

Riley<BR><A title=3Dmailto:steve.riley@microsoft.com=20
R><A=20
title=3Dhttp://blogs.technet.com/steriley=20
href=3D"http://blogs.technet.com/steriley">http://blogs.technet.com/steri=
ley</A><BR><A=20
title=3Dhttp://www.protectyourwindowsnetwork.com/=20
href=3D"http://www.protectyourwindowsnetwork.com">http://www.protectyourw=
indowsnetwork.com</A></DIV>
<DIV> </DIV>
<DIV> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Shijo Michael" <<A =
title=3Dmailto:shijo.michael@dubaiholding.com=20
=
.com</A>>=20
wrote in message <A=20
=
DB141-EA44-4138-96B9-114B6B257D74@microsoft.com</A>...</DIV>Recently=20
we have done a security Audit,<BR><BR>As per their recommendation we =
need to=20
change RestricAnonymous Registry <BR>settings to=20
=
<BR>HKEY_LOCAL_MACHINE\system\currentcontrolset\control\LSA   =
set to=20
1,<BR>to prevent access to systems null credentials<BR><BR>Currently =
it=20
=
is<BR>HKEY_LOCAL_MACHINE\system\currentcontrolset\control\LSA  =
set=20
to 0<BR><BR>What will be the impact if we changed to 1,  any =
application=20
will have <BR>issues ?(IIS,Exchnage,OWA,etc...),<BR><BR>Please=20
help......</BLOCKQUOTE></BODY></HTML>

------=

Similar Threads	Posted
restrict access to desk top only	March 19, 2008, 3:04 pm
How to restrict users to access web pages all exept one	July 8, 2006, 2:03 pm
What is the best way to restrict access to Domain Admins on certain folders?	March 19, 2008, 10:31 am
Anonymous User with Admin Access	September 6, 2007, 1:12 pm
Re: Anonymous (NULL user) access to a Share	July 30, 2005, 11:21 pm
DCOM - Allowing Remote Anonymous Access	January 28, 2006, 7:46 pm
Allowing outside users access to company Intranet (anonymous)	January 16, 2007, 10:39 am
Shares, Named Pipes, and Registry for Anonymous Remote Access	February 23, 2007, 2:24 am
Question on - Network Access: Do not allow anonymous enumeration of SAM accounts and shares	April 3, 2008, 9:48 am
How to restrict others to "Add Reference" to a DLL ?	August 12, 2005, 6:03 am

The site map in XML format XML site map