Re: Event ID 538 Logon Type 3 NT AUTHORITY/ANONYMOUS LOGON



Wins uses netbios name resolution so you could not disable NBT and have it
work anymore. I know it is a pain in some ways but that is the way it works
and it is pretty old technology. The links below explains more. What might
help is to configure the Local Security Policy local policies\security
options of the server for the security option for additional restrictions
for anonymous connections to be no access without explicit anonymous
permissions though enabling that setting can have ramifications in some
situations. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;323357
http://support.microsoft.com/?kbid=246261


"joescat" <joescat.2a8mu8@xxxxxxxxxxxx> wrote in message
news:joescat.2a8mu8@xxxxxxxxxxxxxxx

Thanks, that confirms my thinking, and results trying to pare down my
security event log.

I'm doing exactly that now - using EventComb to capture a particular
person's logon and logoff's. Unfortunately, even though I've cranked
up the size of the security log, it still doesn't go back very far due
to all the excess "chatter" by the anonymous logon events. I guess
I'll just have to live with it.

It would be undesirable to disabled NetBIOS , as it is very useful on
occasion to browse to this particular resource server.

I will play around with stopping the Browser service, but so far I
haven't seen it become the master browser - the NT PDC grabs that role
of course, and the BDC's and such snatch up what's left.

Wondering, I am running a WINS server on a separate box from this one.
If everyting is registered properly (a static WINS entry perhaps), could
there be a way to configure that to allow browsing to the resource
server, yet leave NetBIOS disabled?



--
joescat
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message1479326.html



.



Relevant Pages

  • Re: DNS conditional forwarding
    ... ok so if I just configure all the clients to use the same Wins Server ... NetBIOS name server, which also defines *nix NBNS servers. ... When you click on Network ... WINS database, the Browser service will pull that data, and then you will ...
    (microsoft.public.windows.server.active_directory)
  • Re: medical records, web server, & stateful firewall vs packet filter
    ... which the network can reinforce application security. ... >server, as the 2800 or ASA 5510 on the perimeter would deny access to ... assumption in typical web server with database back end designs. ... >limitations in TCP/IP and NetBIOS architectures). ...
    (comp.dcom.sys.cisco)
  • Re: DNS in the Windows Workgroup
    ... > connections, no Firewlls or NAT are on and all ADSL accounts ... NetBIOS connectivity. ... is based on the Browser Service, ... Microsoft Windows MVP - Windows Server - Directory Services ...
    (microsoft.public.win2000.dns)
  • Re: Windows 2000 workgroup not visible in NT environment
    ... workgroup became visible and the error messages were gone. ... Is it still neccesary to bind NetBIOS? ... Description of the Microsoft Computer Browser Service ... | We have a just added a windows 2000 server to our NT network evironment. ...
    (microsoft.public.win2000.general)
  • Re: Disable NetBIOS
    ... you to locate machines but NetBIOS name in a routed network (since NetBIOS ... And using a WINS server means that you're still using NetBT (NetBIOS over ... I'd try in a Windows XP group anyway. ... Performing SystemWorks procedure for security to disable ...
    (microsoft.public.inetserver.iis.security)