Article ID: 942428 - View products that this article applies to.
By default, Windows Server 2003 domain controllers let anonymous users resolve a security identifier (SID) to a user name.
This configuration has security risks. For example, an anonymous user can use the well known Administrators SID to obtain the real name of the built-in Administrator account. This behavior may occur even though the account has been renamed.
This configuration is automatically applied during the Active Directory directory service installation to support compatibility with earlier versions.
To avoid the potential risks of the default configuration, follow these steps:
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
If the Network access: Allow anonymous SID/Name translation setting is disabled, earlier operating systems or applications may be unable to communicate with Windows Server 2003 domains. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/823659/ )Client, service, and program incompatibilities that may occur when you modify security settings and user rights assignments
Article ID: 942428 - Last Review: October 11, 2007 - Revision: 1.2