C
cal
Guest
Attempting to lock down various w2k3r2 laptop(s) using the
Bastion host template (standalone, no domain)
with secedit
which has some settings under the
/machine/system/currentcontrolset/services/lanmanserver/parameters
registry hive key namely:
RequireSecuritySignature
EnableSecuritySignature
EnableForcedLogoff
AutoDisconnect
AutoShareWks
RestrictNullSessAccess
and using supplemental .cmd scripts that run reg.exe or regedit.exe
to set some of these parameters as well ... we are finding basically
that no settings for this lanmanserver/parameters hive key are taking.
Notes from a previous programmer who has left the company
indicate that he had similar problems with lanmanserver parameters
not taking under Windows Server 2000. That is why he attempted
to set them explicitly in the registry using reg.exe or regedit,
instead
of just relying on the template applied with secedit. So, the
question:
is there a known problem trying to set lanmanserver parameters on
laptops with Windows Server 2003 R2? We really need to set esp.
RestrictNullSessAccess or are doomed to fail our accreditation test.
Unfortunately, none of the methods he used, or that we have tried
to set these parameters under lanmanserver are working so we
keep failing the preliminary tests.
regards, Cal
Bastion host template (standalone, no domain)
with secedit
which has some settings under the
/machine/system/currentcontrolset/services/lanmanserver/parameters
registry hive key namely:
RequireSecuritySignature
EnableSecuritySignature
EnableForcedLogoff
AutoDisconnect
AutoShareWks
RestrictNullSessAccess
and using supplemental .cmd scripts that run reg.exe or regedit.exe
to set some of these parameters as well ... we are finding basically
that no settings for this lanmanserver/parameters hive key are taking.
Notes from a previous programmer who has left the company
indicate that he had similar problems with lanmanserver parameters
not taking under Windows Server 2000. That is why he attempted
to set them explicitly in the registry using reg.exe or regedit,
instead
of just relying on the template applied with secedit. So, the
question:
is there a known problem trying to set lanmanserver parameters on
laptops with Windows Server 2003 R2? We really need to set esp.
RestrictNullSessAccess or are doomed to fail our accreditation test.
Unfortunately, none of the methods he used, or that we have tried
to set these parameters under lanmanserver are working so we
keep failing the preliminary tests.
regards, Cal