Anonymous Logon

[Preacher Man]

I am having several Anonymous Logon entries in my security log in Windows 2K
Server. Please answer the following questions if possible.

1. How can I track down to see exactly what the Anonymous logon client is
accessing?

2. How can I determine where or how the Anonymous logon client is accessing
from?

3. Does the system have to have Anonymous Logon, and if not can I disable
it?

Thanks for your help.

 

[Jeff Cochran]

I am having several Anonymous Logon entries in my security log in Windows 2K
Server. Please answer the following questions if possible.

1. How can I track down to see exactly what the Anonymous logon client is
accessing?

2. How can I determine where or how the Anonymous logon client is accessing
from?

3. Does the system have to have Anonymous Logon, and if not can I disable
it?

Most likely it's IIS. If you don't use IIS remove it. If you don't
want anonymous web access, remove anonymous access from the web site
in IIS.

Jeff

 

[Steven L Umbach]

Anonymous logons [null sessions] are common with Windows networking and
mostly used by browse list maintenance for My Network Places. If you disable
netbios over tcp/ip or file and print sharing on a computer the anonymous
logons can be greatly reduced or eliminated. They are not a problem if you
have a firewall protecting your network, enforce the use of complex
passwords for your network, and monitor for unusual activity for failed
logon attempts.. --- Steve

http://support.microsoft.com/?kbid=246261 --- explanation of null sessions
and how to restrict them IF compatible with your network configuration.