Wow. No kidding on the security tightening. I had to make the same changes. Your system is much less forgiving to * users now.I do understand why, and my comment isn't intended as criticism, just an observation.
If you're going to allow * users with a system this 'tight' (especially if you put in more restrictions), you will need to either post in your knowledgebase known-working config settings or, at least, have a canned ticket response for * setup requests. ("These settings are known to work, but beyond providing this information to you, we cannot provide specific support for * users.")
Bookmarks