Posted by jwgoerlich on July 15, 2007, 8:14 am
Hello Dan,

I've been playing with this a bit, and I think it has to do with the
difference in how the NullSession.exe utility contacts Windows 2000
versus Windows 2003 computers.

If I run it from a workstation within the domain, logged in as a
domain user, NullSession returns users from Windows 2000 but not
Windows 2003. Windows 2000 does return an error, though. I do not get
any error from Windows 2000 if RestrictAnonymous=0.

Windows 2000 output:
    NetUseAdd LastError : 997
    User : Administrator
    User : ...
    WNetCancelConnection2 : 2250

Windows 2003 output:
    NetShareEnum LastError : 5
    Return Code : 5

The Windows 2000 errors indicate that it first gets an overlapped I/O,
and then errors because the network connection does not exist. I am
leaning towards it somehow erroring and defaulting to a non-null
session under the current user's context.

I next ran NullSession from the same computer in the domain, but
logged in as a local Administrator. This gave me no permissions on
either of the target computers. Both Windows 2000 and Windows 2003
targets refused to display user accounts.

Windows 2000 output:
    NetUseAdd LastError : 997
    NetShareEnum LastError : 5
    Return Code : 1326
    WNetCancelConnection2 : 2250

Windows 2003 output:
    NetShareEnum LastError : 5
    Return Code : 5

So, in my environment at least, it is working. RestrictAnonymous=2 on
prevents enumeration of null sessions from users not authenticated to
the domain.

Regards,
Wolfgang

A few more details, mapping the error codes to their Win32
definitions:
    Error 5: Access is denied
    Error 997: Overlapped I/O operation is in progress
    Error 1326: Logon failure: unknown user name or bad password
    Error 2250: This network connection does not exist
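
For reading tool output like the blocks in this post, the following parser maps each returned code to the Win32 definitions listed above and gives a verdict per run. It is an added example, not part of the original post and not NullSession.exe's own code. The function names and verdict labels are assumptions of this example; the sample strings are copied from the post's output.

```python
import re

# Win32 error codes exactly as listed at the end of the post.
WIN32_ERRORS = {
    5: "Access is denied",
    997: "Overlapped I/O operation is in progress",
    1326: "Logon failure: unknown user name or bad password",
    2250: "This network connection does not exist",
}
DENIED = {5, 1326}  # codes that mean the target refused the request
LINE_RE = re.compile(r"^\s*(?P<key>.+?)\s*:\s*(?P<value>.+?)\s*$")

def parse_run(text):
    """Parse one run's output into users, per-call codes and a verdict (labels are this example's)."""
    users, codes = [], {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        if key == "User":
            if value != "...":  # "..." is the post's own elision, not an account
                users.append(value)
        elif value.isdigit():
            codes[key.replace(" LastError", "")] = int(value)
    if users:
        verdict = "accounts enumerated"
    elif DENIED & set(codes.values()):
        verdict = "enumeration denied"
    else:
        verdict = "inconclusive"
    return {"users": users, "codes": codes, "verdict": verdict}

def explain(result):
    """Render each call's code with its Win32 meaning for a report."""
    return [f"{call}: {code} ({WIN32_ERRORS.get(code, 'not listed in the post')})"
            for call, code in result["codes"].items()]

# Output copied from the post: Windows 2000 as domain user, as local Administrator, then Windows 2003.
W2K_DOMAIN_USER = "NetUseAdd LastError : 997\nUser : Administrator\nUser : ...\nWNetCancelConnection2 : 2250"
W2K_LOCAL_ADMIN = "NetUseAdd LastError : 997\nNetShareEnum LastError : 5\nReturn Code : 1326\nWNetCancelConnection2 : 2250"
W2K3 = "NetShareEnum LastError : 5\nReturn Code : 5"

if __name__ == "__main__":
    for name, out in [("W2K domain user", W2K_DOMAIN_USER), ("W2K local admin", W2K_LOCAL_ADMIN), ("W2K3", W2K3)]:
        r = parse_run(out)
        print(name, "->", r["verdict"], explain(r))
```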