GPO for turning off null session ability

  • Thread starter Thread starter LarryG
  • Start date Start date
L

LarryG

What can be done with a GPO to completely turn off null session. I
believe so it will equal a the registry RestrictAnonymous=2.?


Thx, Larry
 
You can do that in security policy section of Group Policy in local
policies/security options/additional restictions for anonymous users - no
access without explicit anonymous permssions. See KB link below and read
ramifications of such a setting first. --- Steve

http://support.microsoft.com/?kbid=246261
 
I should add, since the KB does not mention it, that if you have XP clients
in the domain they will be unable to change there passwords at the "2"
setting. --- Steve
 
Steve, I guess it would be best to set this in the local security pol.
since it looks like this should be handled on a server/server basis.
As far as XP clients and passwords. Does this issue pop up on DC's
only?
 
Hi Larry. Yes, as far as I understand you do not want to configure that
setting on domain controllers if you have XP clients. Xp clients should
still be able to access domain servers with resources however that have that
setting. Be sure to test it out first on a machine. --- Steve
 
Back
Top