bugtraq.ru / forum / sysadmin
I'm not an admin, but maybe this will help: 30.01.04 14:49  Views: 1609
Author: Killer{R} <Dmitry> Status: Elderman
I'm not an admin, but maybe this will help:
---NetUserEnum:
Security Requirements
Windows NT: No special group membership is required to successfully execute the NetUserEnum function.

Windows 2000: If you call this function on a Windows 2000 domain controller that is running Active Directory, access is allowed or denied based on the access-control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the "Pre-Windows 2000 compatible access" group to view the information. By default, the "Pre-Windows 2000 compatible access" group includes Everyone as a member. This enables anonymous access to the information if the system allows anonymous access.

If you call this function on a Windows 2000 member server or workstation, all authenticated users can view the information. Anonymous access is also permitted if the RestrictAnonymous policy setting allows anonymous access.

For more information about restricting anonymous access, see Security Requirements for the Network Management Functions.

---Further, following the link:
Security Requirements for the Network Management Functions
Calling some of the network management functions does not require special group membership. Other functions require that users have a specific privilege level to execute successfully. When applicable, the Security Requirements section on a function's reference page indicates the privilege level a user must have to execute the particular function.

The security requirements that apply when you make calls to certain network management functions on Windows 2000 are different than the requirements that apply when you call the functions on Windows NT. The functions include, among others, all those that begin with NetGroup, NetLocalGroup, and NetUser. For a complete list of affected functions, see the end of this topic. For requirements that apply to an individual network management function, please see the function's reference page.

Windows 2000 Active Directory domain controllers: If you call one of the affected functions on a Windows 2000 domain controller running Active Directory™, access to a securable object is allowed or denied based on the access-control list (ACL) for the object. (ACLs are specified in the directory.)

For queries, the default ACL permits all authenticated users and members of the "Pre-Windows 2000 compatible access" group to view information. For updates, the default ACL permits only Administrators and account operators to write information.

Note: By default, the "Pre-Windows 2000 compatible access" group includes Everyone as a member. This enables anonymous access (Anonymous Logon) to information if the system allows anonymous access. Administrators can remove Everyone from the "Pre-Windows 2000 Compatible Access" group when installing a domain controller. Removing Everyone from the group restricts information access to authenticated users only.

Anonymous access to securable objects can also be restricted by setting the following key in the registry to the value 1. (This is also referred to as the RestrictAnonymous policy setting.)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous

Windows 2000 servers and workstations: If you call one of the affected functions on a Windows 2000 member server or workstation to perform a query, all authenticated users can view the information. Anonymous access is also possible if the RestrictAnonymous policy setting allows anonymous access. For updates, only Administrators and account operators can write information.
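
An audit of the two settings named in the quoted documentation, as an added example that is not part of the original post or of the Microsoft text: it reads RestrictAnonymous and, on a domain controller, checks whether Everyone or Anonymous Logon is a member of the "Pre-Windows 2000 Compatible Access" group. Assumptions: the ActiveDirectory PowerShell module is installed on the domain controller, the script runs locally in an elevated session, and a missing registry value is treated as 0.

```powershell
# Added example: audits the settings that decide whether anonymous callers
# can enumerate accounts through functions such as NetUserEnum.

$lsaKey   = 'HKLM:\System\CurrentControlSet\Control\Lsa'
$findings = @()

# RestrictAnonymous: the quoted text says the value 1 restricts anonymous access.
# Assumption: a missing value is treated as 0 (not restricted).
$prop  = Get-ItemProperty -Path $lsaKey -Name RestrictAnonymous -ErrorAction SilentlyContinue
$value = if ($null -ne $prop) { $prop.RestrictAnonymous } else { 0 }
if ($value -lt 1) {
    $findings += "RestrictAnonymous = $value (anonymous access is not restricted by this setting)"
}

# DomainRole 4 and 5 are backup and primary domain controller.
$isDc = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -ge 4
if ($isDc) {
    Import-Module ActiveDirectory -ErrorAction Stop

    # Well-known SIDs: S-1-5-32-554 = Pre-Windows 2000 Compatible Access,
    # S-1-1-0 = Everyone, S-1-5-7 = Anonymous Logon.
    $members = (Get-ADGroup -Identity 'S-1-5-32-554' -Properties member).member
    foreach ($sid in 'S-1-1-0', 'S-1-5-7') {
        # Well-known principals appear in the group as foreign security principals.
        if ($members -match "^CN=$sid,CN=ForeignSecurityPrincipals,") {
            $findings += "Pre-Windows 2000 Compatible Access contains $sid"
        }
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No anonymous-enumeration exposure found in the checked settings.'
}
```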