Previous Posts

 Two new vulnerabilities found in image preview fea...

Keep XP SP2 from rebooting your machine automatica...

Apple Unveils new intel line

Utility to reboot a computer remotely on your lan

How to WMF Hack proof your machines

How to refresh group policy on Windows 2000

Silent install of Office XP SP2

What will Apple reveal on Tuesday?

Windows File Protection - Stops Microsoft Patch!

Clean viruses quickly



Archives

May 2005

January 2006

April 2006

May 2006

June 2006

July 2006

September 2006

October 2006

November 2006

December 2006

January 2007

February 2007

March 2007

April 2007

May 2007

June 2007

July 2007

August 2007

September 2007

October 2007

November 2007

December 2007

January 2008

February 2008

March 2008

April 2008

May 2008

June 2008

July 2008

August 2008

September 2008

October 2008

November 2008



Subscribe to our Feed:

CNAME Sharing disabled in Windows 2003 SP1

If you like this article, then sign up for our email newsletter to get more like it every day in your inbox

For a long time now we have used DNS CNAME for our servers. CNAME stands for canonical name. It is an alias for another host name. In our case we have two servers. Their names have been changed to protect the innocent. Lets say they are called iserver1, and iserver2. We constantly replicate all of our data from iserver1 to iserver2.

We have created a CNAME and call it fileserver. This CNAME points right now to iserver1. All the users on our network share to \\fileserver\sharename. Now if something bad were to happen to iserver1 we could change the CNAME to iserver2 and within minutes we would be back and running again. This is what you would call a poor mans backup system – call it what you want, but it has saved us a tremendous amount of time on two different occasions.

Both of our servers have been humming along fine for a while now – and we decide it is finally time to upgrade 2003 to SP1. After the upgrade we could not share to \\fileserver. Now if we try to connect to the actual server name it works fine.

We suspected right away that SP1 must have some type of security enhancement that has disabled our CNAME trick. After a few hours of searching we finally found the registry key in question:

HKEY_LOCAL_MACHINE

SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

If we create a DWORD value under this key named:

DisableStrictNameChecking

And set it to ‘1’ – our CNAME works again!

Now we thought we might be making something insecure by doing this, but Microsoft KB article 281308 seems to indicate that this is a bug.

For those of you who do not want to dive into the registry, we have written a simple app that will change this setting for you. Find it in on our downloads page


Posted By: Steve Wiseman on Friday, January 13, 2006

Check out our utilities for windows

 
Home|Downloads|Products|Blog
Copyright © IntelliAdmin, LLC, 2008. All Rights Reserved
Privacy Policy