Posted by Steven L Umbach on July 12, 2005, 3:11 am
In my experience that value of 1 in Windows 2000 does not add much if any
protection from anonymous access. The options to restrict anonymous access
in Windows 2003 are more granular than in Windows 2000. The main three are
network access: do not allow anonymous enumeration of sam accounts, do not
allow anonymous enumeration of sam accounts and shares, and let everyone
permissions apply to anonymous users [which is disabled by default in
Windows 2003]. I am not sure exactly what you need configured and you could
test it out but I would advise that you read the KB link below that
discusses incompatibilities of security settings with downlevel clients and
domains and goes into good detail on the anonymous access settings. In my
opinion the main concern is that your firewall protects your network so that
untrusted networks do not have access to information that they could
enumerate to use against you. Enforcement of strong passwords in the domain
will greatly reduce the risk of users being able to use the information that
they can access via a null session such as users/group names. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;823659

> Hello
> I have to define a trust between a Windows 2003 DC and a Windows NT DC.
> In order to do that I used the following link
> http://support.microsoft.com/kb/246261/
>
> As part of the procedure I had to set RestrictAnonymous to 0 (otherwise I
> could not see WinNT users in the Win2003 domain).
>
> In Windows 2000 the RestrictAnonymous parameter had three options and the
> trust did not work with value 2, but worked with value 1.
>
> In Windows 2003 the only options are 0 or 1. I want to minimize security
> risk. Do I have an option to set security to the level that is equivalent
> to value 1 in Windows 2000?
>
> Thanks
> --
> Eduard Timchenko
> Business Technology Solutions Group
> Verint Systems
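
An added example, not part of the original posts: a PowerShell check that reads the three anonymous-access settings named in the reply from the LSA registry key and reports which ones currently restrict anonymous access. The mapping of each policy to the registry values RestrictAnonymousSAM, RestrictAnonymous and EveryoneIncludesAnonymous is an assumption not stated on this page, and the function name is hypothetical.

```powershell
# Added example: audit the anonymous-access settings discussed in the reply.
# Assumption: these policies are backed by the LSA registry values below.
$lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Policy name, backing registry value, and the value that restricts anonymous access.
$checks = @(
    [pscustomobject]@{
        Policy      = 'Do not allow anonymous enumeration of SAM accounts'
        Name        = 'RestrictAnonymousSAM'
        Restrictive = 1
    }
    [pscustomobject]@{
        Policy      = 'Do not allow anonymous enumeration of SAM accounts and shares'
        Name        = 'RestrictAnonymous'
        Restrictive = 1
    }
    [pscustomobject]@{
        Policy      = 'Let Everyone permissions apply to anonymous users'
        Name        = 'EveryoneIncludesAnonymous'
        Restrictive = 0
    }
)

# Hypothetical helper: returns one row per setting with its current state.
function Test-AnonymousAccessSetting {
    param([string]$Path = $lsaPath)

    $lsa = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($c in $checks) {
        $prop = $lsa.PSObject.Properties[$c.Name]
        if ($null -eq $prop) {
            # A missing value is reported as such instead of guessing a default.
            $current = 'not set'
            $restricts = $null
        } else {
            $current = [int]$prop.Value
            $restricts = ($current -eq $c.Restrictive)
        }
        [pscustomobject]@{
            Policy        = $c.Policy
            RegistryValue = $c.Name
            Current       = $current
            Restricts     = $restricts
        }
    }
}

Test-AnonymousAccessSetting | Format-Table -AutoSize -Wrap
```

Running it on the domain controller before and after relaxing RestrictAnonymous for the trust shows which of the three settings changed and which still restrict anonymous access.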