An ordinary domain user (or domain guest) is granted the Domain List Accounts right. This enables them to display user and group account names.
Microsoft has written LISTACCT.EXE, a tool that will allow you to deny or grant this right. Unfortuneatley, you must call to receive it, mentioning Knowledge Base Article Q180782.
NOTE: You must NOT have RestrictAnonymous (a type REG_DWORD) set to 1 at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA,
when users do not have the Domain List Accounts right.
If to have to set this value back to 0, or delete the Value Name,
you will need to reboot.
0 comments
Hide comments