Security Basics mailing list archives

Enterprise fallout from RestrictAnonymous


From: "Chewy Gravy" <chewygravy () gmail com>
Date: Tue, 14 Mar 2006 09:03:09 -0500

Does anyone have experience with an enterprise-wide reset of the
RestrictAnonymous registry value from 0 to 1? This would include NT,
200 and 2003 servers - I'm wondering if there are any gotchas we
should be aware of in real-world deployment of such a change. Because
we have a mixed environment, I don't believe we can safely set
RestrictAnonymous to 2 without breaking a lot of downstream servers.

MS has this helpful article:
http://support.microsoft.com/kb/890161/?sd=RMVP&fr=1#XSLTH3165121123120121120120

which also makes me wonder if setting the value to 1 is of any use -
won't any auditor worth their salt use the tools that can still
enumerate accounts unless the value is set to 2?

Thanks
