This control access right can be used to restrict who can be allowed to use a downlevel API, such as NetQueryDisplayInformation and NetUser/GroupEnum, and enumerate the entire domain.
| Entry |
Value |
| CN |
SAM-Enumerate-Entire-Domain |
| Display-Name |
Enumerate Entire SAM Domain |
| Rights-GUID |
91d67418-0135-4acc-8d79-c08e857cfbec |
Implementations
Windows Server 2003
| Entry |
Value |
| Applies-To |
Sam-Server
|
| Localization-Display-ID |
57 |
Windows Server 2003 R2
| Entry |
Value |
| Applies-To |
Sam-Server
|
| Localization-Display-ID |
57 |
Windows Server 2008
| Entry |
Value |
| Applies-To |
Sam-Server
|
| Localization-Display-ID |
57 |
Windows Server 2008 R2
| Entry |
Value |
| Applies-To |
Sam-Server
|
| Localization-Display-ID |
57 |
Windows Server 2012
| Entry |
Value |
| Applies-To |
Sam-Server
|
| Localization-Display-ID |
57 |