Windows Server family operating system has always had a weakness. The Administrators group has high user rights. For example, remote IPC connection and terminal service login, the use of administrator account is unlimited, which is essentially different from Windows XP and Windows Vista. Today, the Vista zone will talk about how to prevent hackers from establishing IPC$ null connections, thus preventing anonymous access by remote users, opening the registry editor, locating the HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\LSA branch, and modifying RestrictAnonymous on the right. 1. 1
FIG. 1
about three cases RestrictAnonymous value interpretation:
0 Depends on the default privilege 1 does not allow enumeration of SAM accounts and name 2 can not be accessed without explicit anonymous permissions, while the Vista zone reminds you of the need to pay attention to the domain controller DC
when based on Windows 2000 When the RestrictAnonymous registry value on a domain controller in /2003/2008 is set to 2, the following tasks are restricted: A subordinate member workstation or server cannot establish a netLogon secure channel.
? Subordinate domain controllers in the trusting domain cannot establish a netLogon secure channel.
? Microsoft Windows NT users cannot change their password after the password expires. In addition, Macintosh users cannot change their passwords at all.
? The browser service cannot retrieve a list of domains or a list of servers from a backup browser, master browser, or domain master browser running on a computer with the RestrictAnonymous registry value set to 2. Therefore, all programs that rely on browser services do not work properly.
Due to the above results, it is recommended that you do not set the RestrictAnonymous registry value to 2 in a mixed mode environment that includes subordinate clients. You should consider setting the RestrictAnonymous registry value to 2 only in a Windows 2000/2003/2008 environment and only after sufficient quality assurance testing has been performed to verify that the appropriate service levels and program features continue to be maintained.
Under Windows 2000 Server, users can also complete the task of setting up a task. The definition of
ASP provides powerful file system access capability, which can read, write, copy, delete, rename, et
Because of work, I often need to use Asp to develop some small programs. When developing and using r
Running the Active Directory Installation Wizard Upgrading a Windows 2000 Server computer to a domai
Windows 2000 Security Configuration Tool
Windows Server 2008: SeverCore Raiders
Win2000 system security countermeasures
Windows Server 2008 exciting improvements
Talk about DNS in the Active Directory
How to recover lost administrator passwords in Windows 2000 system
A simple way to view Win 2003 logs
Modify the password of the Active Directory user account
Easily improve the speed of Win 2003
Stop Analysis of Blue Screen of Death in Windows 2000
Enhancements to Windows 2000 Browser Features
Microsoft demonstrates Windows Server 2008 server hot swap function
Do not format the C drive to format all other hard drives will affect the computer operation?
How does the Win10 TH2 system change the inactive window to a different color?
Microsoft once again warned IE security vulnerabilities to become targets
Win8 new home security management function
Windows 7 system simply builds a complete control panel
XP system computer blue screen prompts Ati2dvag error solution
Win7/Win8.1 Get Win10" Management Tool Download Can permanently disable Win10 upgrade notification