MS Knowledge Base Article 143474

  • Thread starter Thread starter Steph
  • Start date Start date
S

Steph

This article tells how to restrict the information that
is available to Anonymous logon users by creating the
restrictanonymous key in the registry. Does anyone know
if this needs to be done only on the domain controllers,
on all servers, or on all servers and all workstations?
 
In general, great care should be used before implementing setting "2" or "deny
access" on domain controllers as may things can break, especially with NT4.0, W9X,
and even XP, Pro clients [ability to change passwords]. If other computers [non
domain controllers] are offering shares to only W2K computers then it is probably
safe to implement setting "2" on them though you would want to test out a machine to
make sure share/printer access is still enabled and that the computer shows in the
browse list. See the following links for more details. --- Steve

http://support.microsoft.com/?kbid=246261 -- read about what may break.
http://support.microsoft.com/default.aspx?scid=kb;en-us;823659 -- more info and
compatibility problems
http://www.microsoft.com/technet/security/prodtech/win2000/win2khg/05sconfg.mspx --- recommendations
and warnings.
 
Back
Top