GPO and Enum sam and shares

  • Thread starter Thread starter larryg
  • Start date Start date
L

larryg

Is there a GPO option to up the restrict anonymous level
to 2? I can only find the "do not allow anonymous
enumeration of SAM accounts and shares". Set for enable,
it seems that at that level this key is a 1.

thx,...
 
In W2K, that would be the "no access without explicit anonymous permissions". That
setting should not be enabled without doing some testing ahead of time, particularly
on domain controllers, as you likely will have problems if on a network that has
downlevel [NT4.0/W9X] or even XP clients [changing passwords] or are using downlevel
trusts. Read the KB link below for some of the ramifications. The Windows 2000
Security Hardening Guide also has more information on implementing that security
setting. --- Steve

http://support.microsoft.com/?kbid=246261
http://www.microsoft.com/technet/tr...security/prodtech/win2000/win2khg/default.asp
 
Back
Top