Re: Win2k Server + remote user enumeration

[bacano () ESOTERICA PT (bacano)]

Because the server is working with DNS, and using host names instead of
netbios names? If you can uninstall/disable DNS in that server you'll see
that CIS works fine, and the users will be listed in CIS NetBIOS Session
Server report. Win2k its designed to work with host names instead of netbios
names, so probably the server version default installation includes DNS. No
DNS installed, and at cis report got it all(e.g. a win2k default user):

Account Name    :TsInternetUser
The TsInternetUser account is a GUEST, and the password was changed XX days
ago. This account has been used X times to logon.
Comment         :This user account is used by Terminal Services.
User Comment    :
Full name       :TsInternetUser

(you will have the share, group and account information as usual, but
without DNS on that server)

[ ]'s
Bacano

----- Original Message -----
From: "Joerg Weber" <joerg () FS IS UNI-SB DE>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Tuesday, May 09, 2000 4:36 PM
Subject: Win2k Server + remote user enumeration

> Hi everyone,
>
>  I was playing with a new Win2K server today (vanilla install) and poked
> it with tools like gnit or cis to perform remote user enumeration. Works
> fine on default workstations, but not on servers.
>  Did MS wise up and change the default permissions in this regard? If so,
> is it still possible to fetch that info via Active Directory maybe?
>
>  Cheers,
> Joerg