Sorry for the long post. I'd appreciate it if you could hang in there and read through this. My question is, are anonymous connections eliminated?
A document I have says "After you upgrade all the servers in the domain hosting services that run as Local System and use Anonymous or null credentials when accessing a domain controller. Such as Windows NT 4.0 RAS servers, remove the Everyone and Anonymous Logon groups from the Pre-Windows 2000 Compatible Access built-in group. This task increases the security of your domain by preventing anonymous connections to the domain controllers." The document then suggests to do so with the command Net localgroup "Pre-Windows 2000 Compatible Access" groupname /delete I can't remember if I did this back when I upgraded from NT to Server 2003. I'm now running both the forest and domain in Server 2003 mode with all DCs running Server 2003. I logged onto my DC and executed the above command with Everyone substituted in for groupname. I got error System error 2 has occurred The system file cannot find the file specified Doing the same substituting in anonymous for groupname I got error There is no such global user or group: Anonymous I read you can test to see if anonymous access is disabled with the command Net user \\servername\ipc$ /u:"" "" I executed this command from another computer on the network and got "Logon failure: unknown user name or bad password." I also read you can test anonymous access with the command Net user \\ipc$ /u:"" "" I executed this command while logged on to the DC and got "System error 67 has occurred." I wasn't sure if this command was actually valid so I retried with a slight modification Net user \\localhost\ipc$ /u:"" "" This time I got "The command completed successfully. So the question is, is anonymous access still enabled or do I need to do something further to disable it? Thanks for your help. Curt ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~