PaulDotCom mailing list archives

Re: mass user creation on 2008 then enumeration


From: Ryan B <broadydownunder () gmail com>
Date: Wed, 1 May 2013 09:59:25 +1000

Hi Robin,

To create a bunch of fake users in Server 2008, you can use PowerShell and
a CSV file.

Use something like GenerateData to create the user accounts:
http://www.generatedata.com/#generator

Once you've got your CSV file, follow the tutorial here to get your users
into the AD:
http://www.howtogeek.com/50187/how-to-create-multiple-users-in-server-2008-with-powershell/

Regarding the Null Session Enumeration, after you've adjusted the Registry,
you'll also have to make some changes to the Group Policy Settings in
gpedit.

The following list is from a hardening guide so I would just reverse the
settings and it should work.

There are 6 policies listed below that control what information can be
accessed anonymously. These policies are located in the local group policy
editor under *Computer Configuration\Windows
Settings\Security Settings\Local Policies\Security Options*.



1. Network access: Allow anonymous SID/Name translation
2. Network access: Do not allow anonymous enumeration of SAM accounts
3. Network access: Do not allow anonymous enumeration of SAM accounts and shares
4. Network access: Let Everyone permissions apply to anonymous users
5. Network access: Named Pipes that can be accessed anonymously
6. Network access: Shares that can be accessed anonymously



In order to completely disable anonymous logons, you can disable policies 1
and 4, enable policies 2 and 3, and specify empty lists for policies 5 and 6.


Cheers

Ryan



On Wed, May 1, 2013 at 1:48 AM, Robin Wood <robin () digininja org> wrote:

I'm setting up a lab for some training I've got and I need to set up a
bunch of users on my 2008 DC. I know there are scripts to do this but can't
find any, has anyone got a good one?

I also want to enable NULL session enumeration as it is off by default on
2008. I've set the RestrictNullSessAccess registry key to 0 but it is still
disabled, what else do I need to set?

Robin

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
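
Added example, not part of the original messages: a read-only PowerShell check that reports whether the six policies in the list above, plus the RestrictNullSessAccess value from the question, are at their hardened values. The registry value names and the secedit key `LSAAnonymousNameLookup` are the standard backing settings for these policies and are not given in the thread; the temp file name is arbitrary.

```powershell
# Read-only audit of the anonymous-access settings discussed in this thread.
# Run from an elevated prompt (secedit needs it). Written to work on PowerShell 2.0.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
# Hardened value per setting; 'empty' means the multi-string list has no entries.
$checks = @(
    @{ Policy = '2 SAM accounts';             Path = $lsa; Name = 'RestrictAnonymousSAM';      Want = 1 },
    @{ Policy = '3 SAM accounts and shares';  Path = $lsa; Name = 'RestrictAnonymous';         Want = 1 },
    @{ Policy = '4 Everyone incl. anonymous'; Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Want = 0 },
    @{ Policy = '5 Anonymous named pipes';    Path = $srv; Name = 'NullSessionPipes';          Want = 'empty' },
    @{ Policy = '6 Anonymous shares';         Path = $srv; Name = 'NullSessionShares';         Want = 'empty' },
    @{ Policy = '- Null session restriction'; Path = $srv; Name = 'RestrictNullSessAccess';    Want = 1 }
)
function Get-RegValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}
function Test-Setting($Check, $Actual) {
    if ('empty' -eq $Check.Want) {
        # A missing value and a list holding only blank strings both count as empty.
        if (@($Actual | Where-Object { $_ }).Count -eq 0) { return 'OK' } else { return 'WEAK' }
    }
    if ($null -eq $Actual) { return 'REVIEW (not set, OS default applies)' }
    if ($Actual -eq $Check.Want) { return 'OK' } else { return 'WEAK' }
}
$report = @(foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Name
    New-Object PSObject -Property @{
        Policy = $c.Policy; Setting = $c.Name
        Actual = $(if ($null -eq $actual) { '(not set)' } else { @($actual) -join ',' })
        Status = Test-Setting $c $actual
    }
})
# Policy 1 has no registry value; it shows up as LSAAnonymousNameLookup in a secedit export.
$cfg = Join-Path $env:TEMP 'anon-audit.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$line = Select-String -Path $cfg -Pattern '^LSAAnonymousNameLookup\s*=\s*(\d+)' | Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue
$p1 = if ($line) { $line.Matches[0].Groups[1].Value } else { $null }
$report += New-Object PSObject -Property @{
    Policy = '1 Anonymous SID/Name translation'; Setting = 'LSAAnonymousNameLookup'
    Actual = $(if ($null -eq $p1) { '(not found)' } else { $p1 })
    Status = $(if ($null -eq $p1) { 'REVIEW' } elseif ($p1 -eq '0') { 'OK' } else { 'WEAK' })
}
$report | Select-Object Policy, Setting, Actual, Status | Format-Table -AutoSize
```

Rows marked WEAK are the settings that still permit anonymous access; on a domain controller, domain GPOs can override the local values, so re-run after a policy refresh.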
