How to Prevent Anonymous LDAP Operations in Windows 2000 domain.

Guest

Windows 2000 domain by default allows anonymous LDAP queries. How can an
administrator restrict this without affecting operations? Thanks.
 
Jorge de Almeida Pinto

11-Nov-2005 00:46:02
> Windows 2000 domain by default allows anonymous LDAP queries. How can an
> administrator restrict this without affecting operations? Thanks.
For Windows 2003 look at: http://support.microsoft.com/default.aspx?scid=326690
In the same article they state:
<QUOTE>
The DsHeuristics setting applies to all Windows Server 2003-based
domain controllers in the same forest. The value is realized by
domain controllers upon Active Directory replication without
restarting Windows. Microsoft Windows 2000-based domain controllers
do not support this setting and do not restrict anonymous operations
if they are present in a Windows Server 2003-based forest.
</QUOTE>
IMHO: not possible to disable anonymous LDAP operations in W2K AD. If
possible you could still restrict access by making sure anonymous
does not have permissions on objects (directly or through
memberships) (e.g. through pre-Windows 2000 compat group)

Cheers,
# Jorge de Almeida Pinto #
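
An added example (not part of the original thread or of the Microsoft article): a Python audit over exported directory data that lists which domain controllers still answer anonymous LDAP operations and checks whether anonymous reaches the Pre-Windows 2000 Compatible Access group directly or through nesting. The forest data is constructed and the function names are hypothetical; the seventh-character value `2` of dsHeuristics comes from KB 326690, and treating Everyone as including anonymous is an assumption about Windows 2000 behaviour.

```python
# Added example. All directory data below is constructed sample input.
ANONYMOUS_LOGON = "S-1-5-7"
EVERYONE = "S-1-1-0"
PRE_W2K_COMPAT = "S-1-5-32-554"  # Pre-Windows 2000 Compatible Access

def anon_ops_enabled(ds_heuristics):
    """True if the 7th dsHeuristics character is '2' (per KB 326690)."""
    return bool(ds_heuristics) and len(ds_heuristics) >= 7 and ds_heuristics[6] == "2"

def dcs_allowing_anonymous(dcs, ds_heuristics):
    """Names of DCs that do not restrict anonymous LDAP operations."""
    exposed = []
    for name, os_version in dcs:
        # Windows 2000 (operatingSystemVersion 5.0) ignores dsHeuristics.
        if os_version.startswith("5.0") or anon_ops_enabled(ds_heuristics):
            exposed.append(name)
    return exposed

def anonymous_reaches(group_sid, members, everyone_includes_anonymous=True):
    """True if anonymous is in group_sid directly or through nested groups."""
    targets = {ANONYMOUS_LOGON}
    if everyone_includes_anonymous:  # assumption: always true on Windows 2000
        targets.add(EVERYONE)
    seen, stack = set(), [group_sid]
    while stack:
        sid = stack.pop()
        if sid in seen:
            continue
        seen.add(sid)
        for member in members.get(sid, []):
            if member in targets:
                return True
            stack.append(member)
    return False

# Constructed mixed forest: one Windows 2000 DC, one Windows Server 2003 DC.
SAMPLE_DCS = [("DC-W2K-01", "5.0 (2195)"), ("DC-W2K3-01", "5.2 (3790)")]
NESTED_GROUP = "S-1-5-21-1111-2222-3333-1105"  # hypothetical custom group
SAMPLE_MEMBERS = {PRE_W2K_COMPAT: [NESTED_GROUP], NESTED_GROUP: [EVERYONE]}

if __name__ == "__main__":
    print("DCs answering anonymous LDAP:", dcs_allowing_anonymous(SAMPLE_DCS, None))
    print("Anonymous reaches Pre-W2K group:",
          anonymous_reaches(PRE_W2K_COMPAT, SAMPLE_MEMBERS))
```

With the sample data, the Windows 2000 DC is reported regardless of dsHeuristics, and the nested Everyone membership is what gives anonymous its read access.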
 
