Link to home
Start Free TrialLog in
Avatar of rjordanbots
rjordanbotsFlag for United States of America

asked on

Turning off LDAP Anonymous Directory Access Permitted on Windows Server 2013 R2

How do you turn off LDAP anonymous on Windows Server 2013 R2 Domain Controller?
Avatar of Cliff Galiher
Cliff Galiher
Flag of United States of America image

That is the default configuration. Anonymous access has to be explicitly granted, and usually there is no good reason to do so.
Avatar of rjordanbots

ASKER

Sorry, I meant Windows Server 2012 R2
Yeah. Since there is no 2013, I knew what you meant. Same answer.
We had a security company come in and do a network assessment, this was one of the issues on the assessment that my boss wanted me to fix. I realize it is a default config. He did a ldapsearch to anonymously connect to the ldap service and pulled the Directory Information tree. I'm just not sure how to go about and turn this anonymous access off though. Or why do you say there isn't a good reason to do so? This is not for the DSE Root account.
ASKER CERTIFIED SOLUTION
Avatar of Adam Brown
Adam Brown
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks, Adam, this fixed the solution, appreciate it.