Archived from groups: microsoft.public.win2000.security (
More info?)
Anonymous logons are used by Windows networking to create null sessions for
a number of purposes with the main ones being use of the browse list - My
Network Places, and password changes that are implemented before logon.
Downlevel clients such as NT4.0 and Windows 98 will cause more of those
events than a pure W2K/XP environment.
They are not always [rarely] an indication of malicious activity.
Unexplained account lockouts and logon failures however could be. Null
sessions from the internet can provide attackers with important information
about your network such as computer, user, group, and share names. Of course
a properly configured firewall will block access to such null sessions.
Disabling netbios over tcp/ip and/or file and print sharing on computers
that do not need it will greatly reduce or eliminate null sessions, though
file and print sharing is also used for remote management via Computer
Management and such and is required on domain controllers. --- Steve
http://support.microsoft.com/?kbid=246261 --- read more on anonymous
access. Do not necessarily implement the "2" level registry mod -
particualry on domain controllers.
"Ralph" <anonymous@discussions.microsoft.com> wrote in message
news:2ecc01c470ce$29a2de50$a301280a@phx.gbl...
> Why do anonymous logons appear in the Security Log in
> Event Viewer on both Windows 2K Pro and NT 4.0?
>
Facebook
Twitter
Instagram