Stopping Anonymouse Logon

Discussion in 'Server Security' started by Jeff, Jan 17, 2005.

  1. Jeff

    Jeff Guest

    I have a W2K server and its security log show that there are some "anonymous
    logon". How do I stop the anonymous logons? Is their any reason I should
    allow them?
    Jeff, Jan 17, 2005
    1. Advertisements

  2. The anonymous logon is a security identity used by the operating system. To
    protect against people abusing it, you can enable the RestrictAnonymous
    registry key - check out;en-us;246261

    Remember that setting this value to 2 on a domain controller will break most
    domain logon functionality, so don't do that. Setting it to 2 on other
    systems may break applications that were coded to use anonymous logon,
    hopefully you don't have any of those.

    Chris Weber [Security MVP], Jan 19, 2005
    1. Advertisements

  3. Anonymous connections are common in Windows networking particularly for
    maintenance of the browse list and when downlevel clients are used on the
    network. I would not worry too much if you have a properly configured
    firewall to protect the network from outside users trying to use anonymous
    access/null sessions to enumerate user/group information. I would be much
    more concerned with numerous failed logon events in the logs, particularly
    for the administrator account. You can use security policy to lockdown
    anonymous connections but take care in doing so, particularly on domain
    controllers. The link below explains more about how to do such and the
    ramifications of locking down anonymous access. --- Steve
    Steven L Umbach, Jan 22, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.