Re: weird security logs

From: Eric Fitzgerald [MS] (ericf@online.microsoft.com)
Date: 10/31/02

• Next message: Torgeir Bakken (MVP): "Re: End user local/domain accounts"
• Previous message: Eric Fitzgerald [MS]: "Re: IPSec auditing"
• In reply to: NeoSadist: "Re: weird security logs"
• Next in thread: Alissa: "Re: weird security logs"
• Reply: Alissa: "Re: weird security logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Eric Fitzgerald [MS]" <ericf@online.microsoft.com>
Date: Thu, 31 Oct 2002 12:18:58 -0800

You should not set RestrictAnonymous to 2. It is not a supported
configuration.

Removing "Everyone" from "Access this computer from network" might work, but
might also have unintended side effects, but is a better solution.

Eric

"NeoSadist" <neos@dist> wrote in message
news:us14re2b65h79d@corp.supernews.com...
>
> "Eric Fitzgerald [MS]" <ericf@online.microsoft.com> wrote in message
> news:3dc07d97$1@news.microsoft.com...
> > Usually this is the browser service. If you want to experiment, turn
off
> > the browser service on all your machines (just stop it, don't disable,
no
> > reboot required, and restart it when you're done testing).
> >
> > You can make sure that anonymous is not getting any unnecessary
privileges
> > by setting RestrictAnonymous to 1.
> >
> > Eric
> >
> > "NeoSadist" <neos@dist> wrote in message
> > news:us0cvrrpqpjc44@corp.supernews.com...
> > > I'm getting a lot of authentication logs in the security logs on an
> > > ANONYMOUS user logging into my computers on win2k peer to peer
workgroup
> > > connected to a linksys router. They're success logs, with a type 3
> login.
> > > Does anyone know where I can learn how to decipher the event logs? I
> > don't
> > > know what the event ID's mean either.
> > >
> > >
> >
> >
>
>
> It's on restrictanonymous = 2 (no access without explicit permissions) and
> my security log logs when both login types have either success or failure.
> I remove the everyone group from "Access this computer from the network".
> So then I guess it's services and browser stuff. I guess it's cause I
have
> my local security policy \ local policies \ audit policy settings to
success
> and failure on both account logon events and logon events. I'll try
> disabling the audit success on both and audit just fail. Thanks for
helping
> me to figure it out!
>
>

• Next message: Torgeir Bakken (MVP): "Re: End user local/domain accounts"
• Previous message: Eric Fitzgerald [MS]: "Re: IPSec auditing"
• In reply to: NeoSadist: "Re: weird security logs"
• Next in thread: Alissa: "Re: weird security logs"
• Reply: Alissa: "Re: weird security logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Event Logs/Event Viewer ... That works for Pro but Home has no group policy editor. ... Set both Audit account logon events & Audit logon events for Success & ... (microsoft.public.windowsxp.general) Re: Track abnormal restart ... Set both Audit account logon events & Audit logon events for Success & ... (microsoft.public.windowsxp.general) Re: Shutdown log appear at event viewer ... If XP Pro, Group Policy. ... Set both Audit account logon events & Audit logon events for Success & ... (microsoft.public.windowsxp.general) Re: users account log files ... If XP Pro, Group Policy. ... Set both Audit account logon events & Audit logon events for Success & ... (microsoft.public.windowsxp.general) Re: Audit: Account Logon Vs. Logon Events ... Audit logon events ... Policies\Audit Policy ... Determines whether to audit each instance of a user logging on, logging off, ... unchecking Success and Failure. ... (microsoft.public.win2000.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint