FYI - Changes to null session pipes post 2k3 SP1

Pre Win2k3 SP1 we actually had a hardcoded list of null session pipes + the registry key to come up with the complete list of allowed NULL session pipes.

PRE SP1 hard coded list:
===========
L"netlogon",
L"lsarpc",
L"samr",
L"browser",
L"srvsvc",
L"wkssvc",

POST SP1
==========
None
 

Net result?

If you messed with HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
NullSessionPipes value ( removed things like .. lsarpc, netlogon etc.. ) You will fail NULL session authentications where you used to succeed, even with nothing defined in the registry.

CHANGES:
=========
We remove items like trkwks, trksvr, epmapper, and locator.
We add browser
We then write the value: AdjustedNullSessionPipes == 1 under
CurrentControlSet\Services\lanmanserver\parameters
We remove the hardcoded list seen above

What does it effect?

Scenario:
DFS server goes to access a DC to get site info - it calls DsAddressToSiteNames() (
connect to netlogon ) to determine site info.

DFS Service runs as Local System
If the Kerberos authentication fails for some reason and we fall back to NTLM and it will authenticate as NULL

This call then fails since the DC will not authenticate the null connection to the
named pipe \pipe\netlgon.

Net Trace shows:
==================

DFS Server sends authn data:
SMB Command: Session Setup AndX (0x73)
Security Blob:
Domain name: NULL
User name: NULL
Host name: NNSFLS001

DC responds:
SMB Command: Session Setup AndX (0x73)
NT Status: STATUS_SUCCESS (0x00000000)

DFS Server tries to access \pipe\netlogon
SMB NT Create AndX Request, Path: \NETLOGON

DC Responds:
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_ACCESS_DENIED (0xc0000022)