 |
 |
Yes, I have. I have both NT4 servers and Windows 2000 servers with the DC being one of the W2K servers. Last January, it crashed with, among other problems, the RestrictAnonymous setting of 2. In a mixed environment, the Trust relationships cannot be reset without allowing having a RestrictAnonymous setting of 0. After the RestrictAnonymous setting was reset to 0 on all the servers, we were able to reestablish the Trusts. -----Original Message----- From: Doug Luxem [mailto:[log in to unmask]] Sent: Thursday, March 21, 2002 8:59 AM To: [log in to unmask] Subject: Re: null sessions I have been using the setting of "Do not allow enumeration of SAM accounts and shares" in a domain wide GPO which is equivalent of setting RestrictAnonymous to 1 in the registry. This did not stop the null session attacks from occurring. According to the following KB article, using a RestrictAnonymous setting of 2 (no access without explicit permissions) will have some major effects in domains with down-level clients, and it may also break the browser service. http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q246261 Has anyone seen the problems outlined in this article while using the 2 setting? Doug ---- Michigan State University University Services Email: [log in to unmask] Voice: 517/355-0357 Ext. 163 Fax: 517/353-2024