Resetting RestrictAnonymous Disables the Browser Service

The RestrictAnonymous registry value helps you restrict access over anonymous connections but can disable browsing.

Bret A. Bennett

February 24, 2003

1 Min Read
ITPro Today logo in a gray background | ITPro Today

After reading "The Computer Browser Service" (June 2002, http://www.winnetmag.com, InstantDoc ID 24879), I wanted to mention a registry value that can block browsing: RestrictAnonymous. A while back, I ran across the Microsoft article "How to Use the RestrictAnonymous Registry Value in Windows 2000" (http://support.microsoft.com/?kbid=246261). The article explains how to use the RestrictAnonymous registry value to restrict access over anonymous connections. I thought the procedure sounded like a good idea to keep unauthorized users out of my system. So, I set the RestrictAnonymous value to 2 (i.e., no anonymous enumeration of the SAM or shares) on my Win2K PCs.

I forgot to log this change into my Win2K Professional system modification document. Consequently, several months later I had no idea why my Windows 9x machines couldn't browse my Win2K Pro machines, unless on the Win2K Pro machines I set the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesBrowserParametersIsBrowseMaster registry subkey to False (the Win2K Pro default) and the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesBrowserParametersMaintainServerList registry subkey to No.

After I reread the Microsoft article, I reset the RestrictAnonymous registry value to 0, left the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesBrowserParametersIsBrowseMaster registry subkey at its default setting of False, and changed the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesBrowserParametersMaintainServerList registry subkey back to Auto (the Win2K Pro default). Browsing from Win9x to Win2K then worked.

Setting RestrictAnonymous to 2 on Win2K Pro machines can be a good idea. Just be aware that you won't be able to browse the machines—you'll have to enter the machines' Universal Naming Convention (UNC) names to use the machines' resources.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like