LISTSERV 15.5 - MSUNAG Archives

Subscriber's Corner

Public Email Lists

MSUNAG Archives

View:

Options:

Join or Leave MSUNAG
Reply | Post New Message
Search Archives

Subject: Re: null sessions

From: Linda Losik <[log in to unmask]>

Reply-To: MSU Network Administrators Group <[log in to unmask]>

Date: Thu, 21 Mar 2002 09:31:50 -0500

Content-Type: text/plain

Parts/Attachments:

text/plain (33 lines)

Yes, I have.  I have both NT4 servers and Windows 2000 servers with the DC
being one of the W2K servers.  Last January, it crashed with, among other
problems, the RestrictAnonymous setting of 2.  In a mixed environment, the
Trust relationships cannot be reset without allowing having a
RestrictAnonymous setting of 0.  After the RestrictAnonymous setting was
reset to 0 on all the servers, we were able to reestablish the Trusts.

 -----Original Message-----
From:   Doug Luxem [mailto:[log in to unmask]]
Sent:   Thursday, March 21, 2002 8:59 AM
To:     [log in to unmask]
Subject:        Re: null sessions

I have been using the setting of "Do not allow enumeration of SAM accounts
and shares" in a domain wide GPO which is equivalent of setting
RestrictAnonymous to 1 in the registry.  This did not stop the null session
attacks from occurring.  According to the following KB article, using a
RestrictAnonymous setting of 2 (no access without explicit permissions) will
have some major effects in domains with down-level clients, and it may also
break the browser service.

http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q246261

Has anyone seen the problems outlined in this article while using the 2
setting?

Doug
----
Michigan State University
University Services
Email: [log in to unmask]
Voice: 517/355-0357 Ext. 163
Fax: 517/353-2024

Back to: Top of Message | Previous Page | Main MSUNAG Page

Permalink

LIST.MSU.EDU