Re: NT AUTHORITY\ANONYMOUS 528 and 576 events

From: Eric Fitzgerald [Microsoft] (ericf@online.microsoft.com)
Date: 02/22/02


From: "Eric Fitzgerald [Microsoft]" <ericf@online.microsoft.com>
Date: Fri, 22 Feb 2002 11:20:44 -0800

This is quite commonly the browser service.

Eric

--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Sergio Ricci" <sergio.ricci@no.spam.com> wrote in message news:44E112596843D3119DA800805FEF96DD0A2D3EAA@news.dmz.tminet.net... > Neil, > > This is quite normal and shouldn't alarm you too much. The > 'SeChangeNotifyPrivilege' is an advanced permission and bypasses traverse > checking. > > In a nut shell, Traverse checking is the process of checking permissions > along a directory tree up to the root and basically working out what > permissions a user has. This I believe is generally done when > files/directories are accessed. By default 'everyone' has the right to > bypass traverse checking and I would recommend that you leave it this way as > I have read that denying this right can cause 'BSOD'. I can't testify to > this as I personally have never really played around with it but that's my 2 > pence worth. > > Hope this has made it a little clearer. > > Serg > "neil" <nlehrer@yahoo.com> wrote in message > news:59a3eb31.0202150909.7b43e2e5@posting.google.com... > > i see these events on an nt4 sp5 wkstation. > > Successful Logon: > > User Name: > > Domain: > > Logon ID: (0x0,0x27B6) > > Logon Type: 3 > > Logon Process: KSecDD > > Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > > Workstation Name: > > > > Special privileges assigned to new logon: > > User Name: > > Domain: > > Logon ID: (0x0,0x27B6) > > Assigned: SeChangeNotifyPrivilege > > > > > > it does not have iis or ftp. guest acct is disabled. i have looked > > around on the Net and have not found a good explanation of these > > events. i would appreciate any info that can be provided. > > > > thanks very much. > >



Relevant Pages