Resetting RestrictAnonymous Disables the Browser Service

After reading "The Computer Browser Service" (June 2002, http://www.winnetmag.com, InstantDoc ID 24879), I wanted to mention a registry value that can block browsing: RestrictAnonymous. A while back, I ran across the Microsoft article "How to Use the RestrictAnonymous Registry Value in Windows 2000" (http://support.microsoft.com/?kbid=246261). The article explains how to use the RestrictAnonymous registry value to restrict access over anonymous connections. I thought the procedure sounded like a good idea to keep unauthorized users out of my system. So, I set the RestrictAnonymous value to 2 (i.e., no anonymous enumeration of the SAM or shares) on my Win2K PCs.

I forgot to log this change into my Win2K Professional system modification document. Consequently, several months later I had no idea why my Windows 9x machines couldn't browse my Win2K Pro machines, unless on the Win2K Pro machines I set the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesBrowserParametersIsBrowseMaster registry subkey to False (the Win2K Pro default) and the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesBrowserParametersMaintainServerList registry subkey to No.

After I reread the Microsoft article, I reset the RestrictAnonymous registry value to 0, left the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesBrowserParametersIsBrowseMaster registry subkey at its default setting of False, and changed the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesBrowserParametersMaintainServerList registry subkey back to Auto (the Win2K Pro default). Browsing from Win9x to Win2K then worked.

Setting RestrictAnonymous to 2 on Win2K Pro machines can be a good idea. Just be aware that you won't be able to browse the machines—you'll have to enter the machines' Universal Naming Convention (UNC) names to use the machines' resources.