Requirements for Network Management Functions on Servers and Workstations
If you call one of the network management functions listed in this topic on a server or workstation, different access requirements apply to information queries and information updates.
If you call one of the following functions to perform a query on a server or workstation, by default, all authenticated users can read and enumerate the information.
- NetGroupEnum, NetGroupGetInfo, NetGroupGetUsers
- NetLocalGroupEnum, NetLocalGroupGetInfo, NetLocalGroupGetMembers
- NetSessionGetInfo (levels 1 and 2 only)
- NetShareEnum (levels 2 and 502 only)
- NetUserEnum, NetUserGetGroups, NetUserGetInfo, NetUserGetLocalGroups, NetUserModalsGet
- NetWkstaGetInfo, NetWkstaUserEnum
The following additional information applies to anonymous access when reading and enumerating information.
Windows Server 2003 and Windows XP: Anonymous access to information is possible if the EveryoneIncludesAnonymous policy setting allows anonymous access.
Windows 2000: Anonymous access to securable objects is possible if the RestrictAnonymous policy setting allows anonymous access. You can restrict anonymous access by setting the following key in the registry to the value 1.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous = 1
For more information, see the following article in the Microsoft Knowledge Base:
ARTICLE ID: Q246261
TITLE: How to use the RestrictAnonymous registry Value.
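To check how a given host is configured, the following added example (not part of the original documentation) reads both anonymous-access settings named above and reports whether each one leaves anonymous access possible. The function name and output shape are illustrative; the example assumes that both values live under the Lsa key shown above and that an absent value behaves as 0.

```powershell
# Added example: audit the two anonymous-access settings discussed above.
# Get-AnonymousAccessSetting is an illustrative name, not a Microsoft cmdlet.
function Get-AnonymousAccessSetting {
    [CmdletBinding()]
    param(
        # Registry key from the page, in PowerShell provider syntax.
        [string]$LsaPath = 'HKLM:\System\CurrentControlSet\Control\Lsa'
    )

    # PermitsWhen is the value at which anonymous access remains possible:
    #   RestrictAnonymous = 0          -> no restriction applied
    #   EveryoneIncludesAnonymous = 1  -> Everyone permissions cover anonymous users
    $checks = @(
        @{ Name = 'RestrictAnonymous';         AppliesTo = 'Windows 2000';                    PermitsWhen = 0 },
        @{ Name = 'EveryoneIncludesAnonymous'; AppliesTo = 'Windows Server 2003, Windows XP'; PermitsWhen = 1 }
    )

    foreach ($check in $checks) {
        # A missing value produces a non-terminating error; suppress it and
        # treat the value as 0 (assumption: absent means the setting is off).
        $item = Get-ItemProperty -Path $LsaPath -Name $check.Name -ErrorAction SilentlyContinue
        $present = $null -ne $item
        $value = if ($present) { [int]$item.($check.Name) } else { 0 }

        [pscustomobject]@{
            Setting                 = $check.Name
            AppliesTo               = $check.AppliesTo
            Present                 = $present
            Value                   = $value
            AnonymousAccessPossible = ($value -eq $check.PermitsWhen)
        }
    }
}

# Print one row per setting for the local machine.
Get-AnonymousAccessSetting | Format-Table -AutoSize
```

A row with AnonymousAccessPossible set to True means the query functions listed earlier may be readable without authentication on the operating systems named in that row.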
If you call a network management function to update information on a server or workstation, by default, only Administrators and Power Users can write information.
For more information about controlling access to securable objects, see Access Control, Privileges, and Securable Objects. For more information about calling functions that require administrator privileges, see Running with Special Privileges.