Everhart, Glenn
From:	Russ [Russ.Cooper@RC.ON.CA]
Sent:	Thursday, May 28, 1998 2:51 PM
To:	NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject:	CREATALS.EXE - WARNING!!!
Sorry for not doing this before I set up the download.

If you have RestrictAnonymous=1 set in your registry and you run the
CREATALS.EXE program the result is that LSASS.EXE goes to 50/100%
utilization and you will not be able to establish remote connections to
your PDC (not IIS, not Exchange, not DNS, not nothing!). You will,
however, still be able to operate from the console.

If this has already happened to you (sorry!) then you will need to do
the following;

- invoke regedt32
- goto hkey_local_machine\system\currentcontrolset\control\lsa
- change the value on RestrictAnonymous to 0
- shutdown and restart

Use all sorts of precautions when using the registry editor, yada...

LSASS will be back to normal once you've done this, but of course you
will also have disabled your RestrictAnonymous setting! I'm waiting for
MS to get back to me with an answer to the question "yeah, so how do I
get back what I had without restoring my registry?". More news later I
hope.

If you haven't already run CREATALS.EXE, then be warned, make sure you
disable RestrictAnonymous first (assuming you feel the value of doing
this is great than the value it provides!).

Had I known about the limitation I would probably have stuck with
RestrictAnonymous and forego the CREATALS. Maybe this is one reason why
MS did not make this available to the public.

Sigh...;-[

Cheers,
Russ