Hi, A recent Nessus scan reports that our Windows Server 2003 (It is DC+MSCS+Weblogic Server) has null base query vulnerability. It allows information to be retrieved without any prior knowledge of the directory structure. I've checked following settings based on the following KB articles but get no positive result: http://support.microsoft.com/kb/326690 dsHeuristics attribute is not defined on the DN path as follows: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,Root domain in forest http://support.microsoft.com/kb/837964 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous registry setting is already set to 2 Is it normal behavior?? How do I disable the null base query anyway?? Your advice is greatly appreciated and thank you in advance.