MS Knowledge Base Article 143474

S

Steph

This article tells how to restrict the information that
is available to Anonymous logon users by creating the
restrictanonymous key in the registry. Does anyone know
if this needs to be done only on the domain controllers,
on all servers, or on all servers and all workstations?
 
S

Steven L Umbach

In general, great care should be used before implementing setting "2" or "deny
access" on domain controllers as may things can break, especially with NT4.0, W9X,
and even XP, Pro clients [ability to change passwords]. If other computers [non
domain controllers] are offering shares to only W2K computers then it is probably
safe to implement setting "2" on them though you would want to test out a machine to
make sure share/printer access is still enabled and that the computer shows in the
browse list. See the following links for more details. --- Steve

http://support.microsoft.com/?kbid=246261 -- read about what may break.
http://support.microsoft.com/default.aspx?scid=kb;en-us;823659 -- more info and
compatibility problems
http://www.microsoft.com/technet/security/prodtech/win2000/win2khg/05sconfg.mspx --- recommendations
and warnings.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Unable to display the user selection dialog (null) 4
537 errors due to manual services being started 0
Granting access to HKLM/Software/<application> 6
RestrictAnonymous issue 4
Possible Issues with DST Knowledge Base article 914387 1
Disabling Null sessions on W2K machines from Win2003 DCs 1
The Local Policy of This System Does Not Permit You to Logon Interactively 5
Disable Administrator Login in a W2K Domain 6

Top