locked
NT authority anonymous logon RRS feed

  • Question

  •  

    In the logs i find numerous message concerning anonymous logons. This concerns me. There are ways to avoid this but i wonder what would be the consequences to do this? If possible what is the best way to prevent this and if so what is the downside?

     

    Can i also redirect to my own provider the remote in avoiding the .homeserver .com of microsoft, only because i worry about possible seeding of hackers getting the ip adress and able to come in my server?  Other than those 2 questions i love this system.

    Monday, January 28, 2008 2:57 AM

Answers

  • It's probably EventID 538 / 540 (succesful network logoff / logon) that gets logged when a user on the network connects / disconnects to a resource (e.g. shared folder) provided by the Server service on the server. Logon Type will always be 3 which indicates a network logon. If you're worried check the IP address (somewhere at the bottom of the message), you'll probably find that in each case it's an IP from one of your client PC's.

     

    More info: http://www.eventid.net/display.asp?eventid=538&eventno=7&source=Security&phase=1

     

    Monday, January 28, 2008 10:27 AM
    Moderator