We are attempting to enable anonymous LDAP operations in Windows 2003 AD. This is working fine accept for some users where the "Anonymous Logon" entry we add is disappearing after a little while.
We have narrowed this down to the work of the AdminSDHolder which is doing its job and removing the settings we put in at its predefined time because the affected users happen to be part of the Print Operators group. When we remove users from this group the "Anonymous Logon" settings stay.
Can someone please tell meof a way that we can modify what AdminSDHolder does so that it allows users in the Print Operators group to have the "Anonymous Logon" entry with the "List Contents" attribute?