Security Basics mailing list archives

RE: Problem Disabling "Null Session" on W2K3


From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Tue, 14 Nov 2006 15:44:48 -0500

Eneko,

You may want to check if you have the Everyone group in the built-in
domain group Pre-Windows 2000 Compatibility Access.  This may have been
done in the past if you had a trust to an NT domain.

Here is a matrix on how different settings affect/overwrite
RestrictAnonymous=1|2:
http://technet2.microsoft.com/WindowsServer/en/library/6361e9c2-73ad-49c3-a012-6d09cebd31611033.mspx?mfr=true

Kind Regards,
Scott Ramsdell


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of eneko.astorkiza () ieuskadi com
Sent: Tuesday, November 14, 2006 10:18 AM
To: security-basics () securityfocus com
Subject: Problem Disabling "Null Session" on W2K3

Hi all,

Firstly, excuse my English, I'm Spanish.

I'm trying to secure some AD servers and I have a problem.

I scan them (W2K3 AD servers) with Retina and it says that I have "Null
Session" enabled, so it shows all the domain users. (I'm doing it with a
machine outside the domain.)

The problem is that if I look at the RestrictAnonymous and
RestrictAnonymousSAM registry values, they are OK :-?

Does anyone know why I can enumerate the domain users?

I have also used SuperScan and the same happens.


Regards

          Eneko

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
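
An added example, not part of either message: a PowerShell check for the situation this thread describes, where the RestrictAnonymous values look correct but membership of the pre-Windows 2000 compatibility group still exposes directory reads. It addresses the group by its well-known SID (S-1-5-32-554) rather than by name; the function name, the `example.com` DNs, and the extra checks for Anonymous Logon and EveryoneIncludesAnonymous are assumptions added here, and the sample data is constructed.

```powershell
# Added example, not code from the thread. Well-known SIDs used below:
#   S-1-5-32-554  built-in pre-Windows 2000 compatibility group
#   S-1-1-0       Everyone          S-1-5-7  Anonymous Logon
function Test-NullSessionExposure {
    param(
        [hashtable]$Lsa,       # values read from HKLM:\SYSTEM\CurrentControlSet\Control\Lsa
        [string[]]$MemberDn    # 'member' attribute of the group with SID S-1-5-32-554
    )
    $findings = @()
    # A missing value casts to 0, which is the unrestricted setting.
    foreach ($name in 'RestrictAnonymous', 'RestrictAnonymousSAM') {
        if ([int]$Lsa[$name] -lt 1) { $findings += "$name is 0 or not set" }
    }
    if ([int]$Lsa['EveryoneIncludesAnonymous'] -eq 1) {
        $findings += 'EveryoneIncludesAnonymous is 1: Everyone permissions apply to anonymous users'
    }
    # Well-known principals are stored in AD groups as foreign security principals named by SID.
    foreach ($dn in $MemberDn) {
        if ($dn -match '^CN=S-1-1-0,') { $findings += "Everyone is a group member: $dn" }
        if ($dn -match '^CN=S-1-5-7,') { $findings += "Anonymous Logon is a group member: $dn" }
    }
    return $findings
}

# Constructed sample: registry values are set as expected, but the group
# still contains Everyone and Anonymous Logon.
$sampleLsa = @{ RestrictAnonymous = 1; RestrictAnonymousSAM = 1; EveryoneIncludesAnonymous = 0 }
$sampleMembers = @(
    'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=example,DC=com',
    'CN=S-1-1-0,CN=ForeignSecurityPrincipals,DC=example,DC=com',
    'CN=S-1-5-7,CN=ForeignSecurityPrincipals,DC=example,DC=com'
)
Test-NullSessionExposure -Lsa $sampleLsa -MemberDn $sampleMembers

# Live collection on a domain controller (assumes the ActiveDirectory module is installed):
#   $p   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
#   $lsa = @{ RestrictAnonymous = $p.RestrictAnonymous; RestrictAnonymousSAM = $p.RestrictAnonymousSAM
#             EveryoneIncludesAnonymous = $p.EveryoneIncludesAnonymous }
#   $dn  = (Get-ADGroup -Identity 'S-1-5-32-554' -Properties member).member
#   Test-NullSessionExposure -Lsa $lsa -MemberDn $dn
```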
