Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

NT AUTHORITY\ANONYMOUS LOGON -SUCCESS-

Posted on 2003-10-28
3
24,379 Views
Last Modified: 2013-12-04
EVENT LOG
*******************************************
Event Type:      Success Audit
Event Source:      Security
Event Category:      Account Management
Event ID:      627
Date:            9/24/2003
Time:            6:53:20 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      SERVER1
Description:
Change Password Attempt:
       Target Account Name:      joeuser
       Target Domain:      CENTRAL
       Target Account ID:      CENTRAL\joeuser
       Caller User Name:      ANONYMOUS LOGON
       Caller Domain:      NT AUTHORITY
       Caller Logon ID:      (0x0,0xC6DB6)
       Privileges:      -
 *******************************************
This is an Exchange Server with Web service for OWA.
FTP is disabled. Up to Date Critical patches.

I want no Anonymous access at all!
How can I disable and verify NO Anonymous access?
How can I find out ORIGIN information: PC +/or IP +/or User.

Thanks
0
Comment
Question by:Suburb-Man
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
juliancrawford earned 250 total points
ID: 9636936
If no anonymous access to IIS services is required, disable the IUSR_computername account.

To track PC/IP info you need to setup auditing.
Control Panel>Administrative Tools>Local Security Policy>Local Policies>Audit Policy
0
 
LVL 1

Author Comment

by:Suburb-Man
ID: 9637151
Thanks for the prompt response.

Disabled IUSR_x, now to wait for complaints from users or logs.

How do I know that IUSR was the avenue Anonymous used?

What kind of Audit Policy do you suggest for JoeUser *?
* Name changed to protect the suspected innocent.
0
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9637970
Here is a little article that discusses the IUSR account that could help
Understanding anonymous authentication and the IUSR account.
http://www.macromedia.com/support/ultradev/ts/documents/anonymous_authentication.htm

The most important items to audit would be
Audit logon events - success and failure
Audit account logon events - success and failure
Audit account management - success and failure

The results of the audit can be viewed in the Security log of the event viewer.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IE Plugin Issue 4 83
Monitoring software... 2 66
How to check which of my products use Blowfish encryption? 5 91
UAC Controls - confused 9 90
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question