List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] anonymous users

Prev Next

You are not authorized to post a reply.

Author

Messages

pgt

Posts:28

06/01/2010 7:37 PM
Hi all, can anonymous logon users can list domain user names and enumerate share names on Windows 2003 & 2008? q143474 says about NT thanks in advance.

Thomas Vuylsteke User is Offline

Posts:207

06/01/2010 8:02 PM
Last week I also had a close encounter with "Network access: Allow anonymous SID/Name translation": http://setspn.blogspot.com/2010/05/admt-configure-trusts-for-sidhistory.html More explanation about that (and other settings) can be found at: http://support.microsoft.com/kb/823659/en-us Regards, Thomas From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Brian Desmond Sent: dinsdag 1 juni 2010 20:36 To: activedir@mail.activedir.org Subject: RE: [ActiveDir] anonymous users Sensitivity: Confidential There's a right for this. I believe by default in 2003+ it doesn't allow anonymous folks to do this but you'd want to check. It's called something like allow enumeration of sam names and shares. Thanks, Brian Desmond brian@briandesmond.com<mailto:brian@briandesmond.com> c - 312.731.3132 From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Praveen Thampi Sent: Tuesday, June 01, 2010 1:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] anonymous users Hi all, can anonymous logon users can list domain user names and enumerate share names on Windows 2003 & 2008? q143474 says about NT thanks in advance.

pgt

Posts:28

06/02/2010 11:22 AM
Thanks Brian. Do not allow anonymous enumeration of SAM accounts and shares (Default: Disabled) That's it. Thomas -thank you too, that link explains :-) On Wed, Jun 2, 2010 at 12:31 AM, Thomas Vuylsteke < Thomas.Vuylsteke@realdolmen.com> wrote: > Last week I also had a close encounter with “Network access: Allow > anonymous SID/Name translation”: > > * > http://setspn.blogspot.com/2010/05/admt-configure-trusts-for-sidhistory.html > * > > * * > > More explanation about that (and other settings) can be found at: > > http://support.microsoft.com/kb/823659/en-us > > > > Regards, > > Thomas > > From: activedir-owner@mail.activedir.org [mailto: > activedir-owner@mail.activedir.org] On Behalf Of Brian Desmond > Sent: dinsdag 1 juni 2010 20:36 > To: activedir@mail.activedir.org > Subject: RE: [ActiveDir] anonymous users > Sensitivity: Confidential > > > > There’s a right for this. I believe by default in 2003+ it doesn’t allow > anonymous folks to do this but you’d want to check. It’s called something > like allow enumeration of sam names and shares. > > * * > > Thanks, > > Brian Desmond > > brian@briandesmond.com > > * * > > c – 312.731.3132 > > * * > > From: activedir-owner@mail.activedir.org [mailto: > activedir-owner@mail.activedir.org] On Behalf Of Praveen Thampi > Sent: Tuesday, June 01, 2010 1:34 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] anonymous users > > > > Hi all, > > > > can anonymous logon users can list domain user names and enumerate share > names on Windows 2003 & 2008? > > > > q143474 says about NT > > > > thanks in advance. >

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] anonymous users

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads