BCAAA detects NT AUTHORITY\ANONYMOUS LOGON accounts
You see the NT AUTHORITY\ANONYMOUS LOGON username in the access logs
You see NT AUTHORITY\ANONYMOUS LOGON in the policy trace
BCAAA reports the anonymous user when it finds a NULL SMB session. This is the correct behavior, because NULL sessions use anonymous credentials.
This problem can be fixed by adding to the [SSOServiceUsers] section of sso.ini. This will cause BCAAA to ignore NULL sessions. BCAAA must be restarted after applying the changes.
Note : Please make sure there are no spaces or blank characters after NT AUTHORITY\ANONYMOUS LOGON on the last line from the example below.
Rate this Page
Please take a moment to complete this form to help us better serve you.