Penetration Testing mailing list archives

Null Session Enumeration on 2000


From: xenolith () hushmail com
Date: Thu, 25 Jul 2002 09:36:31 -0700


I was on an internal pentest recently where I had the following curious situation and wondered if anyone had any insight as to what may have caused it.

I used gnit.exe to attempt to enumerate the users, shares, etc. on a Win2k DC via a null session.
This only partially worked, in that I got the NBTSTAT info back and the SHARE info but NOT the user or group information.
I was able to get the user list via RID cycling, but I was curious as to why this happened.
Other Win2K boxes on the network (non-DC) gave up everything A-OK.
Now, in my experience, if they had RestrictAnonymous set then I would not have got the share information back!
They were all SP2 and had SP2SRP1 installed.

Any help greatly appreciated.

xenolith () hushmail com

