Red Button access attack uses Anonymous
User Connections , also called Null User
Connection, to discover which account is the administrative account and
what the network shares are. You can disable this discovery by preventing
anonymous connections to domains using the following Windows NT registry hack.
Caution: this can have severe consequences on sql server access and creating /
maintaining domain trusts.
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Control\Lsa
Name:
RestrictAnonymous
Type: REG_DWORD
Value: 1
Windows 2000 has the same setting and adds the value of 2 which is much more
restrictive. Its so restrictive, it does not seem viable in anything but a pure
W2K environment – no NT4, no – Mac clients. See kb article Q246261.
Related:
Q143474 –
Restricting Information Available to Anonymous Logon Users
Q184018 –
NDS for NT does not support restrict anonymous connections
Q168464 –
Directory Replication Fails with Event ID 3216
Q246261 –
How to Use the RestrictAnonymous Registry Value in Windows 2000
