    NET START NETLOGON

The filter should be active. However, remember that the registry is computer-specific. You'll have to repeat this procedure for every domain controller in your domain. If you decide to disable the SID filtering at a later time, simply delete the registry key that you created and then stop and restart the Netlogon service.

Windows 2000 SID filtering

If you're going to be implementing SID filtering in a Windows 2000 domain, you'll have to use the NETDOM utility. The NETDOM utility isn't installed as a part of the Windows 2000 operating system, but it's available on the Windows 2000 CD as a part of Windows 2000 Support Tools.

To install the NETDOM.EXE utility, insert your Windows 2000 Server installation CD and wait for the splash screen. On the splash screen, select Explore The CD's Contents. Next, navigate to the \SUPPORT\TOOLS folder and double-click the Setup icon. You'll see a wizard that's used for installing the Windows 2000 Support Tools. The wizard is relatively self-explanatory.

Once you've completed the wizard and installed the Windows 2000 Support Tools, reboot your server. Next, log on as the Administrator. Open a command prompt window and navigate to the \Program Files\Support Tools folder. Finally, enter the following command to implement SID filtering:

    NETDOM /FILTERSIDS YES domain_name

Because you're working in an Active Directory environment, you only need to issue this command on a single domain controller. The replication service will implement SID filtering on the other domain controllers.

To disable SID filtering, enter the following command:

    NETDOM /FILTERSIDS NO domain_name

You can also check the filter status by using this command:

    NETDOM /FILTERSIDS domain_name

Be prepared

Although an EoP attack isn't the most common threat you'll face, if you're in an environment where security is paramount, you shouldn't leave anything to chance. Because an EoP attack gives the attacker full administrator rights to your network, an attacker that successfully uses it can do quite a lot of damage to your network, from stealing data to destroying your Active Directory tree. It may take some radical steps to protect your network against an EoP attack, but in a high-security environment, it may be worth the effort.






