Default AFP Settings
In our attempts to secure our OS X 10.1.5 (non-Server version)-based mailserver, I shut off AFP (at both the firewall and daemon levels). However, before doing so I read the default configuration settings and compared them to my 10.2 (non-Server version) machine:
[color=blue]niutil -read . /config/AppleFileServer[/color]
[b]10.1.5:[/b]
[quote]name: AppleFileServer
auto_restart: 0
guest_access: 0
activity_log_size: 1000
activity_log_time: 7
error_log_size: 1000
error_log_time: 0
activity_log: 0
reg_AppleTalk: 1
use_appletalk: 0
login_greeting:
idle_disconnect_OnOff: 0
idle_disconnect_msg:
idle_disconnect_time: 10
idle_disconnect_flag: GuestUsrDisconnect_ON ,RegtdUsrDisconnect_ON ,AdminUsrDisconnect_ON ,OpenFileDisconnect_ON
client_sleep_OnOff: 1
send_greeting_once: 0
logging_attributes: Login_ON,Logout_ON,CreateDir_ON,CreateFile_ON,OpenForkk_ON,Delete_ON
register_NSL: 1
login_greeting_time: 0
use_home_dirs: 0
allow_root_login: 0
afp_tcp_port: 548
tickle_time: 30
tickle_time_out: 120
tcp_quantum: 32768
activity_log_path: /Library/Logs/AppleFileService/AppleFileServiceAccess.log
error_log_path: /Library/Logs/AppleFileService/AppleFileServiceError.log
autostart: 0
afpserver_Threads: 40
client_sleep_time: 24[/quote]
[b]10.2.4:[/b]
[quote]idle_disconnect_time: 5
error_log_size: 1000
server_stopped_time: 1038366892
guest_access: 0
idle_disconnect_flag: GuestUsrDisconnect_ON ,RegtdUsrDisconnect_ON ,AdminUsrDisconnect_ON ,OpenFileDisconnect_ON
reconnect_flag: all
send_greeting_once: 0
logging_attributes: Login_ON,Logout_ON,CreateDir_ON,CreateFile_ON,OpenForkk_ON,Delete_ON
activity_log_path: /Library/Logs/AppleFileService/AppleFileServiceAccess.log
afp_tcp_port: 548
activity_log_time: 7
activity_log: 0
tickle_time_out: 120
autostart: 0
login_greeting:
tickle_time: 30
activity_log_size: 1000
max_threads: 40
allow_root_login: 0
idle_disconnect_OnOff: 0
idle_disconnect_msg:
error_log_path: /Library/Logs/AppleFileService/AppleFileServiceError.log
reconnect_ttl_in_min: 1440
error_log_time: 0
ssh_tunnel: 0
auto_restart: 1
admin_gets_sp: 0
permissions_model: classic_permissions
client_sleep_OnOff: 1
login_greeting_time: 0
use_home_dirs: 0
name: AppleFileServer
use_appletalk: 0
special_admin_privs: 0
reg_AppleTalk: 1
tcp_quantum: 262144
register_NSL: 1
client_sleep_time: 24
attempt_admin_auth: 1[/quote]
These setting defaults make sense for a workstation-class machine in a workgroup environment. However, on a server-class machine, they look very insecure to me (hence the reason I disabled the unnecessary-to-us service).
[b]Cabbage[/b] (or anyone else)-- can you comment at all since you own 10.2 Server? Can you do a [color=blue]niutil -read . /config/AppleFileServer[/color] and post the results (that is, assuming Server uses the same facility as the standard workstation edition for AppleFileServer configuration)?
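
Added example, not part of the original post: a small Python script that parses two `niutil -read` dumps like the ones quoted above, reports which properties were added, removed or changed between versions, and checks one dump against a review baseline. The dumps embedded here are excerpts of the posted output; the function names and the `BASELINE` values (including the assumption that `activity_log: 1` turns the access log on) are hypothetical choices for illustration.

```python
def parse_niutil(text):
    """Parse 'key: value' lines as printed by niutil -read; empty values are kept."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip():
            props[key.strip()] = value.strip()
    return props

def diff_props(old, new):
    """Return (added, removed, changed) between two parsed dumps."""
    added = {k: new[k] for k in new.keys() - old.keys()}
    removed = {k: old[k] for k in old.keys() - new.keys()}
    changed = {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]}
    return added, removed, changed

def check_baseline(props, baseline):
    """List (key, expected, actual) for every key that deviates from the baseline."""
    return [(k, want, props.get(k)) for k, want in sorted(baseline.items())
            if props.get(k) != want]

# Excerpts of the two dumps quoted in the post (not the full output).
V10_1_5 = """\
auto_restart: 0
guest_access: 0
activity_log: 0
login_greeting:
allow_root_login: 0
tcp_quantum: 32768
afpserver_Threads: 40
"""
V10_2_4 = """\
guest_access: 0
activity_log: 0
login_greeting:
max_threads: 40
allow_root_login: 0
ssh_tunnel: 0
auto_restart: 1
tcp_quantum: 262144
attempt_admin_auth: 1
"""
# Hypothetical reviewer baseline (an assumption, not vendor guidance).
BASELINE = {"guest_access": "0", "allow_root_login": "0", "activity_log": "1"}

if __name__ == "__main__":
    added, removed, changed = diff_props(parse_niutil(V10_1_5), parse_niutil(V10_2_4))
    print("added:", sorted(added), "removed:", sorted(removed), "changed:", changed)
    print("baseline deviations:", check_baseline(parse_niutil(V10_2_4), BASELINE))
```

Saving each machine's real `niutil -read . /config/AppleFileServer` output to a file and passing the file contents to `parse_niutil` gives the full comparison instead of the excerpt.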