Security Basics mailing list archives
RE: Enterprise fallout from RestrictAnonymous
From: "Depp, Dennis M." <deppdm () ornl gov>
Date: Wed, 15 Mar 2006 10:24:50 -0500
We have been running this way for several years and have not had any issues that I can remember. Denny -----Original Message----- From: Chewy Gravy [mailto:chewygravy () gmail com] Sent: Tuesday, March 14, 2006 9:03 AM To: security-basics () securityfocus com Subject: Enterprise fallout from RestrictAnonymous Does anyone have experience with an enterprise-wide reset of the RestrictAnonymous registry value from 0 to 1? This would include NT, 200 and 2003 servers - I'm wondering if there are any gotcha's we should be aware of in real-world deployment of such a change. Because we have a mixed environment, I don't believe we can safely set RestrictAnonymous to 2 without breaking a lot of downstream servers. MS has this helpful article: http://support.microsoft.com/kb/890161/?sd=RMVP&fr=1#XSLTH31651211231201 21120120 which also makes me wonder if setting the value to 1 is of any use - won't any auditor worth their salt use the tools that can still enumerate accounts unless the value is set to 2? Thanks ------------------------------------------------------------------------ --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Enterprise fallout from RestrictAnonymous Chewy Gravy (Mar 14)
- <Possible follow-ups>
- RE: Enterprise fallout from RestrictAnonymous Depp, Dennis M. (Mar 15)