Issues that occur after you implement the Microsoft Baseline Security Analyzer recommendations in SBS 2000

This article describes some of the issues that may occur after you implement the recommendations made by Microsoft Baseline Security Analyzer (MBSA) on a computer that is running Small Business Server (SBS) 2000.

Restrict Anonymous

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
MBSA recommends that you complete the following task: If you click How to correct this, you receive the following message in the Caution section: If you have applied either the Q299687 Windows 2000 security hotfix or the Q311401 Windows 2000 security rollup package to the SBS 2000 server and you set the RestrictAnonymous value to 2 in the registry, you may experience one or more of the following issues:

• If you use a Microsoft Outlook client computer (that uses a Microsoft Exchange Server computer), you cannot look through the global address list or resolve names from the global address list. The global address list appears to be empty.
• If you remove a mail profile from a client computer, you cannot reestablish a connection to the Exchange Server computer (to re-create the profile).
• You cannot add a network printer by selecting it from the Active Directory. However, you can still add a network printer by selecting it from the tree view.

To resolve these issues, upgrade your SBS 2000-based server to Windows 2000 Service Pack 4 (SP4) or Small Business Server 2000 Service Pack 1a (SP1a).
For more information, click the following article number to view the article in the Microsoft Knowledge Base: How to obtain Small Business Server 2000 Service Pack 1a

Services

MBSA may send the following message: If you click Result Details, MBSA displays the list of potentially unnecessary services that are installed. The following services may be listed:

• Remote Access Connection Manager: This service is used to provide remote access connections like dial-up connections and virtual private networking (VPN) connections to the SBS 2000 server. If you stop, disable, or remove this service, you prevent users from accessing the server by using dial-up or VPN connections.
• Simple Mail Transport Protocol (SMTP): Exchange 2000 uses this service to send and receive e-mail messages. If you stop, disable, or remove this service, you prevent the Exchange 2000 server from sending and receiving messages.
• World Wide Web Publishing Service: This service is used to publish Web sites. If you stop, disable, or remove this service, you prevent users from accessing Web sites that are hosted on the SBS 2000 server including Microsoft Outlook Web Access (OWA) and My Console.

IIS Lockdown Tool

MBSA may send the following message: In Exchange 2000 environments, you cannot use the lockdown tool with Exchange 2000 installable file system (IFS) mounted drives (typically, drive M). To use the lockdown tool on Exchange 2000 servers, including SBS 2000 servers, see to the following Microsoft Knowledge Base article.

For more information, click the following article number to view the article in the Microsoft Knowledge Base: For more information about a Post-SP2 Windows hotfix that resolves the regression introduced by Q299687 (which resolves the issues that are described in the present article), click the following article number to view the article in the Microsoft Knowledge Base: