how to disable the CAP_EXTENDED_SECURITY bit on win2k ?

Gerald (Jerry) Carter jerry at
Tue Nov 13 13:23:03 GMT 2001

On Tue, 13 Nov 2001, Mayers, Philip J wrote:

> I don't think you can - it is always sent by the server if the client
> 0x0800 in the Flags2 of the NegProt, IIRC. What's the specific problem
> you're having?

Somewhere along the way we are diverging from WIN2K and causing
the Win2k client to hit an untyested code path.  For example,
while logged onto a local Win2k client as Administrator and connected to a
Samba 2.2 server as root, the Win2k client issues an additional
anonymous SMBsessetup&x and tcon to IPC$.  The client then proceeds to
issue several SETPRINTERDATA calls while installing a printer.
Note that since these are done on the anonymous connection, the printer's
security descriptor disallows the updates.  Not that the SETPRINTERDATA
calls are issued using a printer handle that was opened with only
PRINTER_ACCESS_USE access!!!  Arrghhh!!

(and yes this looks like a client bug in case you were wondering)

I need to disable the extended security capability bit on the Win2k
server so I can see if this causes the same behavior on the client
(anonymous connection and issue SETPRINTER calls).


More information about the samba-technical mailing list