G
Gilbert
Hi everyone, recently we had an auditor evaluate our W2K machines and he is
telling us that our NetBIOS security is not secure enough. He listed the
following details:
LSAAnonymousNameLookup - Set to 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash - Set to 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\DisableDomainCreds - Set to 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner - Set to 0
HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel - Set to 3
Problem: I can only verify that W2K registry supports NoLMHash and
LmCompatibilityLevel.
Question: Does setting LSAAnonymousNameLookup, DisableDomainCreds, and
NoDefaultAdminOwner have any effect on W2K or does it only apply to XP/W2K3.
Thanks a million!
telling us that our NetBIOS security is not secure enough. He listed the
following details:
LSAAnonymousNameLookup - Set to 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash - Set to 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\DisableDomainCreds - Set to 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner - Set to 0
HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel - Set to 3
Problem: I can only verify that W2K registry supports NoLMHash and
LmCompatibilityLevel.
Question: Does setting LSAAnonymousNameLookup, DisableDomainCreds, and
NoDefaultAdminOwner have any effect on W2K or does it only apply to XP/W2K3.
Thanks a million!