Anonymous LDAP on Windows 2003
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
I am in the position that I have to allow anonymous LDAP operations on our
2003 domain controllers. I know that this was allowed by default on Windows
2000, but has been changed on Windows 2003. I wonder what the consequences
are regarding security, and is there any other way of restricting anonymous
access to all objects in AD once it is allowed?
Thanks,
--
Igor
I am in the position that I have to allow anonymous LDAP operations on our
2003 domain controllers. I know that this was allowed by default on Windows
2000, but has been changed on Windows 2003. I wonder what the consequences
are regarding security, and is there any other way of restricting anonymous
access to all objects in AD once it is allowed?
Thanks,
--
Igor
More about : anonymous ldap windows 2003
Archived from groups: microsoft.public.win2000.security (More info?)
I was in this same situation. I enabled anonymous logon for the domain at
the domain level. Then I granted read access to "anonymous logon"to only
the OU's that I needed. We had to do this because the RADIUS servers are in
a different domain/forest and wouldn't authenticate users.
--
aaron
A+,NET+,MCSE 2K/2K3,CNA,CCNA
"Igor" <Igor@discussions.microsoft.com> wrote in message
news:B109620B-12B1-4DBF-A07C-31EFBDA28DB0@microsoft.com...
>I am in the position that I have to allow anonymous LDAP operations on our
> 2003 domain controllers. I know that this was allowed by default on
> Windows
> 2000, but has been changed on Windows 2003. I wonder what the consequences
> are regarding security, and is there any other way of restricting
> anonymous
> access to all objects in AD once it is allowed?
>
> Thanks,
> --
> Igor
>
I was in this same situation. I enabled anonymous logon for the domain at
the domain level. Then I granted read access to "anonymous logon"to only
the OU's that I needed. We had to do this because the RADIUS servers are in
a different domain/forest and wouldn't authenticate users.
--
aaron
A+,NET+,MCSE 2K/2K3,CNA,CCNA
"Igor" <Igor@discussions.microsoft.com> wrote in message
news:B109620B-12B1-4DBF-A07C-31EFBDA28DB0@microsoft.com...
>I am in the position that I have to allow anonymous LDAP operations on our
> 2003 domain controllers. I know that this was allowed by default on
> Windows
> 2000, but has been changed on Windows 2003. I wonder what the consequences
> are regarding security, and is there any other way of restricting
> anonymous
> access to all objects in AD once it is allowed?
>
> Thanks,
> --
> Igor
>
Related ressources:
- Forumbrowse Ldap as Anonymous !!!
- ForumBinding to AD using LDAP over SSL
- ForumDisabled account and LDAP
- ForumDNS and LDAP Errors in Netdiag
- ForumLdap member server
- ForumUse an LDAP user to create another LDAP user
- ForumLDAP /S
- ForumActive Directory multiple simultaneous binds on same ldap ..
- Forumldap ?
- ForumSet up LDAP query in Pocket Outlook?
- ForumWindows 7 and Samba Issue
- ForumWindows 2000 security vulnerability solution
- ForumParallel and com ports not appearing in device manager
- Forumwindows programming
- Forumprogramming windows security
- ForumAdding Windows 2003 options (GPO)
- Forumwindows 2000 server help
- ForumWindows 98/ME having problem to log-on Windows 2000 domain
- ForumMS04-40 not listed as applicable update on Windows Update
- ForumWindows 9x clients authentication
- More resources
!
