Re: Event ID 538 Logon Type 3 NT AUTHORITY/ANONYMOUS LOGON



Wins uses netbios name resolution so you could not disable NBT and have it
work anymore. I know it is a pain in some ways but that is the way it works
and it is pretty old technology. The links below explains more. What might
help is to configure the Local Security Policy local policies\security
options of the server for the security option for additional restrictions
for anonymous connections to be no access without explicit anonymous
permissions though enabling that setting can have ramifications in some
situations. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;323357
http://support.microsoft.com/?kbid=246261


"joescat" <joescat.2a8mu8@xxxxxxxxxxxx> wrote in message
news:joescat.2a8mu8@xxxxxxxxxxxxxxx

Thanks, that confirms my thinking, and results trying to pare down my
security event log.

I'm doing exactly that now - using EventComb to capture a particular
person's logon and logoff's. Unfortunately, even though I've cranked
up the size of the security log, it still doesn't go back very far due
to all the excess "chatter" by the anonymous logon events. I guess
I'll just have to live with it.

It would be undesirable to disabled NetBIOS , as it is very useful on
occasion to browse to this particular resource server.

I will play around with stopping the Browser service, but so far I
haven't seen it become the master browser - the NT PDC grabs that role
of course, and the BDC's and such snatch up what's left.

Wondering, I am running a WINS server on a separate box from this one.
If everyting is registered properly (a static WINS entry perhaps), could
there be a way to configure that to allow browsing to the resource
server, yet leave NetBIOS disabled?



--
joescat
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message1479326.html



.