RE: Event Viewer

From: Curtis Koenig [MSFT] (curtisko_at_online.microsoft.com)
Date: 01/26/04

• Next message: Curtis Koenig [MSFT]: "RE: Internet Security"
• Previous message: Jupiter Jones [MVP]: "Re: PID unable to get SP1 update"
• In reply to: MK: "Event Viewer"
• Next in thread: mk: "RE: Event Viewer"
• Reply: mk: "RE: Event Viewer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 26 Jan 2004 19:00:16 GMT

If this is Windows XP and you are using the in-box defualt sharing, this
indicates that someone accessed a share you created on your machine. By
defualt a Windows XP computer that is not on a domain uses what is called
Simple File Sharing, this model uses the local guest account on the
computer with no password to allow others to access file shares that are
located on that computer. So the question really comes down to what kind
of network are you on? and What kind of security are you looking for?

--
Curtis Koenig
Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP
This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit.  Thanks!
--------------------
>From: "=?Utf-8?B?TUs=?=" <anonymous@discussions.microsoft.com>
>Subject: Event Viewer
>Date: Sun, 25 Jan 2004 15:26:06 -0800
>
>Looking in security in my event viewer I notice an anonymous logon. Here 
are the proporties of the Anonymous Logon :
Type :  Success Audit
Event I.D  :540
User:  NT AUTHORITY\ANONYMOUS LOGON
Successful Network Logon:
 	User Name:	
 	Domain:		
 	Logon ID:		(0x0,0xEAB7)
 	Logon Type:	3
 	Logon Process:	NtLmSsp 
 	Authentication Package:	NTLM
 	Workstation Name:	
 	Logon GUID:	{00000000-0000-0000-0000-000000000000}
Should I be concerned about this ?
What is Logon Type 3 ?
How do I disable/Delete this Anonymous Logon ?
GR
 
   
  
>

---

• Next message: Curtis Koenig [MSFT]: "RE: Internet Security"
• Previous message: Jupiter Jones [MVP]: "Re: PID unable to get SP1 update"
• In reply to: MK: "Event Viewer"
• Next in thread: mk: "RE: Event Viewer"
• Reply: mk: "RE: Event Viewer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Event Viewer ... I am running XP Home for my home desktop, it is not networked and the guest ... The Anonymous Logon appears once the system is booted up, ... no internet connection during this process, ... up in the event viewer as soon as I booted up the system. ... (microsoft.public.windowsxp.security_admin) RE: Access a remote MSMQ Server from and ASP page (Q173339) ... Even you have set "ANONYMOUS LOGON" with all access priviliges, ... to MSMQ will still failed due to WIndows NT ACL. ... The anonymous user may not ... (microsoft.public.inetserver.asp.general) Re: Enabling anonymous ldap in server 2003 ... > upgrade soon. ... Anonymous logon to the Pre-Windows 2000 Compatible Access group on the ... Enable Windows NT 4.0-Based RAS Servers in a Windows 2000-Based Domain ... (microsoft.public.windows.server.migration) VMS as NFS client - solved!!!!! (almost) ... The problem turns out to be a Windows problem - maybe; more on the what or why soon. ... Out of the mist came the memory of Windows Everyone not *really* being everyone, so I also added ANONYMOUS LOGON to the Windows file/folder protection list entries with full access - and - VOILA!! ... Now for the weirdness, using the ANONYMOUS LOGON entry in the Windows file/folder protection makes some sort of sense when you think about it (VMS is using anonymous access to get to NFS), but why don't Linux/UNIX clients need it on to work? ... (comp.os.vms) ANONYMOUS LOGON/Manual IRQ Assignment ... There seems to be a huge quantity of ANONYMOUS LOGON on the event viewer ... for the XP Home system the childrens machine is running. ... If this was XP Pro I ... Is there anyway to PREVENT anonymous logon in XP HOME or change the password ... (microsoft.public.windowsxp.security_admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)