Why do authenticated users display with machine names or 'Anonymous Logon' rather than with proper user names?
In access logs, policy traces, and/or authenticated user lists, you see "NT AUTHORITY\ANONYMOUS LOGON" (or language variation) and machine names (names that end with a dollar sign $) instead of proper user names.
In cases where the ProxySG requests authentication before a user logs in to their workstation, Windows Server 2008 will instruct the ProxySG to use either the workstation name (ending with $) or ’NT AUTHORITY\ANONYMOUS LOGON’ as the authentication surrogate.
To resolve this issue, use a deny.unauthorized policy to negate the saved authentication credential and force the user to authenticate again. This should be transparent to the user if using IWA-based authentication.
Add the following to the Local Policy or a Visual Policy Manager CPL layer (if available).
Additionally, you may want to record which devices are attempting to login silently. This can be done by writing these specific login attempts to a separate Access Log. This would require you creating a custom Access Log.
Rate this Page
Please take a moment to complete this form to help us better serve you.