I'm pretty sure its required to access a 2003 server using an alias. - Sean
On Sep 29, 2011, at 9:39 PM, Ken Schaefer <k...@adopenstatic.com> wrote: > Strict Name Checking is for reflection attacks - you need to disable it when > a server connects to itself using something other than its own name. > > I'm pretty sure it's not necessary when an external party/machine connects > using a CNAME or some other alias > > Cheers > Ken > > -----Original Message----- > From: Steve Kradel [mailto:skra...@zetetic.net] > Sent: Friday, 30 September 2011 12:48 PM > To: NT System Admin Issues > Subject: Re: fake-out NetBIOS > > Are y'all positive that disabling strict name checking is necessary in > conjunction with a CNAME? Most apps will get the canonical name > (de-alias) when looking for SPNs, etc. > > --Steve > > On Thu, Sep 29, 2011 at 2:44 PM, Sean Martin <seanmarti...@gmail.com> wrote: >> We disable it on all of our SQL servers so our DBAs can leverage DNS >> aliases for DBs. Makes it easy to move DBs between SQL servers. >> >> - Sean >> >> On Thu, Sep 29, 2011 at 5:15 AM, David Lum <david....@nwea.org> wrote: >>> >>> That's perfect, thanks! I have never run into this before nor even >>> heard of "disable strict name checking", so this is good new stuff. >>> >>> >>> >>> Reason number 703,510 to love this list. >>> >>> >>> >>> How did you know about that anyhow? >>> >>> >>> >>> Dave >>> >>> >>> >>> From: Glen Johnson [mailto:gjohn...@vhcc.edu] >>> Sent: Thursday, September 29, 2011 6:12 AM >>> >>> To: NT System Admin Issues >>> Subject: RE: fake-out NetBIOS >>> >>> >>> >>> Google disable strict name checking and you will find what you seek. >>> >>> >>> >>> From: David Lum [mailto:david....@nwea.org] >>> >>> Sent: Thursday, September 29, 2011 9:09 AM >>> To: NT System Admin Issues >>> Subject: fake-out NetBIOS >>> >>> >>> >>> How do I go about having a Windows client (XP, or 7) connect to a UNC >>> that's different from the actual hostname w/out using a FQDN? I have >>> a server named BOB but I want users to be able to attach using \\FRED. > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
