troubling anonymous Logon events in Windows Security event log

security windows windows-event-log

Solution 1:

The "anonymous" logon has been part of Windows domains for a long time--in short, it is the permission that allows other computers to find yours in the Network Neighborhood, find what file shares or printers you are sharing, etc.

It is also why Windows admins say never to grant share permissions to the "Everyone" group (unless you know what you are doing), because "Everyone" also includes "no one"--er, ANONYMOUS. Rest assured that unless you

Anyway, in this case you probably want to lock it down with Registy settings or better yet, Local or Group Policies. Look in your policy editor under Computer Configuration\Windows Settings\SecuritySettings\Local Policies\SecurityOptions for the following options:

  • Network access: Allow anonymous SID/Name translation
  • Network access: Do not allow anonymous enumeration of SAM accounts
  • Network access: Do not allow anonymous enumeration of SAM accounts and shares
  • Network access: Let Everyone permissions apply to anonymous users
  • Network access: Named Pipes that can be accessed anonymously
  • Network access: Shares that can be accessed anonymously

Related

Does splitting out Data, Logs, and TempDB matter using a SAN with SQL 2008
Why does apache log requests to GET http://www.google.com with code 200?
php-fpm php_network_getaddresses calls randomly start failing with bad udp cksum
Checking whether disk is in sleep state (FreeNAS)
High Instances of Zero Window Messages
Is there a clean way of combining nginx location rules?
Why did my CentOS 5 production server reboot?
How to avoid the prompt “Do you want to find PCs, devices, and content”?
amavis + SA not marking messages as spam
How do I install the pdo_mysql driver on Red Hat Enterprise Linux 6.1?
Chef = Node Attribute, how to Manage them locally, versioned and then upload them?
How do I host 2 different website names at the same IP address?