Solutions

BCAAA detects NT AUTHORITY\ANONYMOUS LOGON accounts

Solutions ID:    KB3813
Version:    2.0
Status:    Published
Published date:    06/01/2010
Updated:    01/04/2012
 

Problem Description

You see the NT AUTHORITY\ANONYMOUS LOGON username in the access logs

You see NT AUTHORITY\ANONYMOUS LOGON in the policy trace

Resolution

BCAAA reports the anonymous user when it finds a NULL SMB session. This is the correct behavior, because NULL sessions use anonymous credentials.

This problem can be fixed by adding to the [SSOServiceUsers] section of sso.ini. This will cause BCAAA to ignore NULL sessions. BCAAA must be restarted after applying the changes.
 

From:
[SSOServiceUsers]
; Standared Windows service users
NetShowServices

To:
[SSOServiceUsers]
; Standared Windows service users
NetShowServices
NT AUTHORITY\ANONYMOUS LOGON

 

Note : Please make sure there are no spaces or blank characters after NT AUTHORITY\ANONYMOUS LOGON on the last line from the example below.


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question