restrictanonymous

  • Thread starter Thread starter Pat
  • Start date Start date
P

Pat

What does the restrictanonymous setting do in windows? the baseline
analyzer is telling me I should change the setting on my W2K servers.
 
Here is a link to a KB article that explains it. Be sure to read all of it. Setting
it the highest level - No access without explicit anonymous permissions can cause a
lot of problems, especially if there are any "downlevel" or XP Pro clients in the
domain. The other setting - "do not allow numeration of sam accounts and shares" may
be a better choice. I think the MSBSA should refer users to this KB article along
with the recommendation to change. --- Steve

http://support.microsoft.com/?kbid=246261
 
Don't change it to 2, because that will give problems for your clients to
reach the server.

Marina
 
If your clients are Windows 2000 or XP that should not be a problem. The
problem is with "down level" clients like Windows 98.
-BruceS
 
Here is a link to a KB article that explains it. Be sure to read all of it. Setting
it the highest level - No access without explicit anonymous permissions can cause a
lot of problems, especially if there are any "downlevel" or XP Pro clients in the
domain. The other setting - "do not allow numeration of sam accounts and shares" may
be a better choice. I think the MSBSA should refer users to this KB article along
with the recommendation to change. --- Steve

http://support.microsoft.com/?kbid=246261
Click to expand...
thanks for the answers
 
Hi Bruce. I used to think the same thing, but the number 2 setting will actually
cause problems with XP Pro clients changing their password. This is also documented
in the Windows 2000 Security Hardening Guide. --- Steve

http://www.infosec.uga.edu/windows.html -- Windows 2000 Security Hardening Guide
link
 
Back
Top