GPO

Discussion:

GPO

(too old to reply)

ZIDAC

2007-02-19 07:50:05 UTC

Hello, i am from Spain, excuse me my inglish

I have a 2003 Domain with XPpro clients.
I see the GPO:

"Network access: Shares that can be accessed anonymously"

This security setting determines which network shares can accessed by
anonymous users, but i have any question:

¿Why are by defalult this values: DFS$ and COMCFG?

¿What are DFS$ and COMCFG?

¿Can i delete this value for my clients in AD?

thanks,
ZIDAC

a***@gmail.com

2007-02-19 10:57:31 UTC

Permalink

Hi,

1. COMCFG Share(SNA_ROOT/SYSTEM/COMCFG) is created by SNA / Host
Integration Server while setup. If you don't have HIS you can delete
this.
2. DFS(Distributed File System) share can be created using Start >
Programs > Administrative Tools > Distributed File System in 2003.
Normally Medium to large sized organizations use the DFS. For smaller
companies file server is enough. If you don't want the users to access
the DFS shares you can delete this.

Adam,
ADManager Plus Team.

Post by ZIDAC
Hello, i am from Spain, excuse me my inglish
I have a 2003 Domain with XPpro clients.
"Network access: Shares that can be accessed anonymously"
This security setting determines which network shares can accessed by
¿Why are by defalult this values: DFS$ and COMCFG?
¿What are DFS$ and COMCFG?
¿Can i delete this value for my clients in AD?
thanks,
ZIDAC

Roger Abell [MVP]

2007-02-19 14:42:06 UTC

Permalink

Also, notice that this policy, and its partner security option
"named pipes that can be accessed anonymously"
only allow access to items that actually exist if those features
or layered products are installed/used.

Are you familiar with the Treats and Countermeasures Guide?
http://www.microsoft.com/technet/security/guidance/Serversecurity/tcg/tcgch00.mspx
in which it is noted under the following that the policy about
which you ask is only effective if the following policy is also used
Network access: Restrict anonymous access to Named Pipes and Shares

Roger