RE: Security event log "Logon/Logoff - Anonymous Logon"

From: pauly [MSFT] (pauly_at_online.microsoft.com)
Date: 03/22/04

• Next message: pauly [MSFT]: "RE: Logon Failure"
• Previous message: Chris: "WiFi Protected Access question(s)"
• In reply to: Nasarene: "Security event log "Logon/Logoff - Anonymous Logon""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 22 Mar 2004 01:05:17 GMT

'Anonymous Logon' is one of the built-in security groups on Wndows XP Pro
and Home Editions. The 'Anonymous Logon' group could be used for
legitimate purposes such as printing over the local network and other
network-based services. Microsoft has made some slight changes to the
function of this group to improve security. Starting in Windows XP the
Everyone group does not contain the security identifier (SID) "Anonymous."
Therefore, users or services that attempt to access an object anonymously
on a Windows XP-based computer are not granted access if the access control
list (ACL) on the object includes the Everyone group. Anonymous access is
only granted for objects whose ACL explicitly contains the anonymous SID,
which is less common.

MORE INFORMATION:

308418 HOW TO: Set, View, Change, or Remove File and Folder Permissions in
http://support.microsoft.com/?id=308418

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp

Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp

Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgro
ups/nodepages/sectop10.asp

=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
pauly@online.microsoft.com

--------------------
| From: "=?Utf-8?B?TmFzYXJlbmU=?=" <anonymous@discussions.microsoft.com>
| Subject: Security event log "Logon/Logoff - Anonymous Logon"
| Date: Fri, 19 Mar 2004 06:26:05 -0800
|
| I have a home network in which I share folders and drives. I've recently
begun using broadband, and just checked my security event for the first
time. I noticed numerous successfull logon/logoff by "anonymous logon" at
times that I wasn't loging on or off. I had not checked this prior to
getting broadband.

Does this mean that someone or some program is logging onto my system in
some way? And if so, is there a way to prevent this from occurring?
|

---

• Next message: pauly [MSFT]: "RE: Logon Failure"
• Previous message: Chris: "WiFi Protected Access question(s)"
• In reply to: Nasarene: "Security event log "Logon/Logoff - Anonymous Logon""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Webserver Security Logs ... use null sessions to communicate between computers. ... workstation name associated with the event I believe. ... read more about that in the free Windows 2000 Security Hardening Guide. ... > Privilege Use 576 ANONYMOUS LOGON ... (microsoft.public.win2000.security) Re: ANONYMOUS LOGON ... If you open the local security policy of the machine, ... > How to disable access to ANONYMOUS LOGON? ... this server is used as Application Server. ... (microsoft.public.win2000.security) Additional Restrictions for anon. conn. ... I find many attempts to make anonymous logon attempts to one server in ... Is it worth enabling and tightening this GPO: Domain Security Policy ... (microsoft.public.win2000.security) Anonymous Logon ... In the event viewer, under security, I see: Sucess Audit - ... Anonymous Logon. ... (microsoft.public.windowsxp.security_admin) [NT] Cumulative Security Update for Internet Explorer (MS04-025) ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ... (Securiteam)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)