and no man page for psec in SAMBA_2_2

Jean Francois Micouleau Jean-Francois.Micouleau at
Fri May 3 00:56:07 GMT 2002

On Fri, 3 May 2002, Richard Sharpe wrote:

> > btw, Tim, the restricted anonymous enumeration "feature" you had with W2K
> > and winbind, the policy code in w2k is changing the SD on the LSA pipe.
> Can you explain that some more? Do you mean that Win2K implements it by
> placing an SD on the LSA pipe?

yes. I guess I shouldn't reply before having a coffee.

There is a SD on the LSA pipe. It's used to control all the LSA functions
exactly like on the SPOOLSS pipe. And on the SAM pipe, that's the same.

If you want to check, a nice tool is lsaacl from todd sabbin at Run it against a W2K box and a NT4 box and compare the
SD. If the restric anonymous policy stuff is checked, you will see that
a ACL for everyone is there or not.


More information about the samba-technical mailing list