Security Basics mailing list archives
Enterprise fallout from RestrictAnonymous
From: "Chewy Gravy" <chewygravy () gmail com>
Date: Tue, 14 Mar 2006 09:03:09 -0500
Does anyone have experience with an enterprise-wide reset of the RestrictAnonymous registry value from 0 to 1? This would include NT, 200 and 2003 servers - I'm wondering if there are any gotcha's we should be aware of in real-world deployment of such a change. Because we have a mixed environment, I don't believe we can safely set RestrictAnonymous to 2 without breaking a lot of downstream servers. MS has this helpful article: http://support.microsoft.com/kb/890161/?sd=RMVP&fr=1#XSLTH3165121123120121120120 which also makes me wonder if setting the value to 1 is of any use - won't any auditor worth their salt use the tools that can still enumerate accounts unless the value is set to 2? Thanks --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Enterprise fallout from RestrictAnonymous Chewy Gravy (Mar 14)
- <Possible follow-ups>
- RE: Enterprise fallout from RestrictAnonymous Depp, Dennis M. (Mar 15)