This was a known issue as described in Q328817, but the article says it was
only during the first time an account was accessed. It has supposedly been
fixed in SP2.
If you want to keep it at 1, then change the gp policy that is applying it
to the DC- I'm assuming that is what changes it every evening (though I'm
curious as to why it is only in the evening as per the default DC GPO
application every 5 min...)
But, I have to say, it is nice to see someone actually trying to have RA=2
set. Most go with RA=1, which on Win2k, does not do too much.
t
----- Original Message -----
From: "Andrew Clelland" <aclelland (at) rivermarkcu (dot) org [email concealed]>
To: <focus-ms (at) securityfocus (dot) com [email concealed]>
Sent: Tuesday, September 21, 2004 9:02 AM
Subject: Restrict Anonymous
> Good morning, I am curious about the Restrict Anonymous setting in Windows
> 2000 Server. Our DC is Windows 2000 and we have some servers with 2003 and
> half of our workstations are Windows XP. Every evening the restrict
> anonymous key changes to a DWORD value of 2 (allow users with explicit
> anonymous permission) and denies users on Windows XP the chance to change
> their expired password. Does anyone know of a way to force this setting to
> a
> DWORD value of 1 (restrict anonymous Users) or make Windows XP work with
> the
> DWORD value of 2? Thanks in advance for your insight and I look forward to
> the responses.
>
>
> ~Andy
>
>
>
> ------------------------------------------------------------------------
---
> ------------------------------------------------------------------------
---
>
>
>
only during the first time an account was accessed. It has supposedly been
fixed in SP2.
If you want to keep it at 1, then change the gp policy that is applying it
to the DC- I'm assuming that is what changes it every evening (though I'm
curious as to why it is only in the evening as per the default DC GPO
application every 5 min...)
But, I have to say, it is nice to see someone actually trying to have RA=2
set. Most go with RA=1, which on Win2k, does not do too much.
t
----- Original Message -----
From: "Andrew Clelland" <aclelland (at) rivermarkcu (dot) org [email concealed]>
To: <focus-ms (at) securityfocus (dot) com [email concealed]>
Sent: Tuesday, September 21, 2004 9:02 AM
Subject: Restrict Anonymous
> Good morning, I am curious about the Restrict Anonymous setting in Windows
> 2000 Server. Our DC is Windows 2000 and we have some servers with 2003 and
> half of our workstations are Windows XP. Every evening the restrict
> anonymous key changes to a DWORD value of 2 (allow users with explicit
> anonymous permission) and denies users on Windows XP the chance to change
> their expired password. Does anyone know of a way to force this setting to
> a
> DWORD value of 1 (restrict anonymous Users) or make Windows XP work with
> the
> DWORD value of 2? Thanks in advance for your insight and I look forward to
> the responses.
>
>
> ~Andy
>
>
>
> ------------------------------------------------------------------------
---
> ------------------------------------------------------------------------
---
>
>
>
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]