Disallow domain user to get user name from Domain User Manager


Siu Wong

Aug 1, 2002, 1:44:58 PM
Hi,

1. How do I prevent domain users from using "Domain User Manager" to
browse user accounts on the domain controllers (NT4)?

2. And also prevent them from reading the servers' app and sys event logs?

There are registry keys to restrict anonymous/null from doing the above, but
it seems not domain users... Please advise.


Thanks
siuwong

RCC

Aug 1, 2002, 3:27:26 PM
"Siu Wong" <a...@sbsx.com> wrote in message
news:2msikugaeqr7aua5f...@4ax.com...

Quick answer will be to ACL the .exe, event log directory and registry
entries.
Regards,
RCC


Siu Wong

Aug 1, 2002, 8:46:33 PM
I have removed Everyone and Users (domain) from the folder and
subfolders of %systemroot% and \..\CurrentControlSet\Service\Eventlog\
on the server.
However, a remote machine using a non-admin account can still read
the server's EventLog and the contents of Domain User info.

Thanks.

RCC

Aug 2, 2002, 1:48:54 AM
"Siu Wong" <a...@sbsx.com> wrote in message
news:jbljkuoh9bmlodbii...@4ax.com...

Do you have these keys set?

Hive HKEY_LOCAL_MACHINE
Key \System\CurrentControlSet\Services\EventLog\Application
Name RestrictGuestAccess
Type REG_DWORD
Value 1


Hive HKEY_LOCAL_MACHINE
Key \System\CurrentControlSet\Services\EventLog\Security
Name RestrictGuestAccess
Type REG_DWORD
Value 1


Hive HKEY_LOCAL_MACHINE
Key \System\CurrentControlSet\Services\EventLog\System
Name RestrictGuestAccess
Type REG_DWORD
Value 1

Also search Google for the NSA NT security guide on how to set level 1 or
level 2 restrictions for your particular requirement.

Regards,
RCC
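
An added example, not part of the thread: a Python check that reads a REGEDIT4-format registry export and reports whether RestrictGuestAccess is set to 1 under the three EventLog keys listed in the post above. The sample export is constructed, and the function names are this example's own.

```python
import re

# The three keys and the value named in the post above.
BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog"
LOGS = ("Application", "Security", "System")
VALUE = "RestrictGuestAccess"

# Constructed sample export (REGEDIT4 text format), not taken from a real host.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application]
"RestrictGuestAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security]
"RestrictGuestAccess"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\System]
"MaxSize"=dword:00080000
'''

def parse_dwords(text):
    """Return {key_path_lower: {value_name_lower: int}} for dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry paths are case-insensitive, so normalise them.
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})$', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text):
    """Map each log name to 'ok', 'missing' or 'wrong (n)'."""
    keys = parse_dwords(text)
    report = {}
    for log in LOGS:
        values = keys.get(f"{BASE}\\{log}".lower())
        got = None if values is None else values.get(VALUE.lower())
        if got is None:
            report[log] = "missing"
        else:
            report[log] = "ok" if got == 1 else f"wrong ({got})"
    return report

if __name__ == "__main__":
    for log, status in audit(SAMPLE_EXPORT).items():
        print(f"{log:12} {VALUE}: {status}")
```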

Siu Wong

Aug 2, 2002, 9:35:37 AM


Thanks RCC,
I had set all the RestrictGuestAccess and RestrictAnonymous; they only
block users without a domain account from accessing the domain controller.

You may use the free tool called LANGuard to scan your domain
controller by using a normal "Domain User". It may surprise you how much a
user can see... all account information including last logon time,
expiry day, associated workstation..... hidden shared folders, all the
running service names.. and password policy .....

It is sad that I can't find any info that can help me to block this
access..
