>seems to me that permitting an anonymous bind to LDAP is inherently more
>secure than requiring a user/password combination so I don't think that
>your explanation is exactly true.

There are ways to create accounts just for this with reduced privileges. Research TechNet...

>In Microsoft's view, the only systems querying LDAP would be systems
>automatically passing the authentication.

Wow, someone actually hacking on MS for expecting us to do things securely? What will they expect next :) If they didn't and by default allowed anon binds, "someone" would surely say "Microsoft sucks, they don't expect us to do this securely, blah blah".

The topic is moot, let's save the list the despair of rehashing the severely hashed. From the point of view of some, MS will always suck. Changing the minds of that type of person isn't my interest; I was merely pointing out some facts surrounding the implementation of the topic at hand.

Sorry for disagreeing with you :)