Printable View
I have noticed that the dsHeuristics attribute value isnt set under ADSIedit.msc but as to the dedault Windows 2003 behavior the anonymous users can still check the attributes. Can anyone tell me how to disable this setting so that anonymous user wont get any information even if they try to connect to AD through LDAP? Thanks.
You should know that anonumous access is only enabled for the rootDse, and not the rest of AD. For that you will need to enable anonymous access and assign permissions because the data is still protected by ADls.
Thank you the reply, what I was trying to ask was that if there is any way to disable anonymous rootDse access, previously I wrote something else which was not what I was asking. Thanks.
Actually the anonymous rootDse access is a part of the LDAP V3 specification and there isnt any way to disable that yet. I am also assuming that it is used by the DC locator, so it will break core parts of Windows if it was disabled.