We constantly get anonymous logon events on our servers.
Are these logons something to worry about? Could someone maliciously exploit
these logons? Can we disable anonymous logons? And can we block these events
from appearing in our Security logs?
You don't have to worry about someone logging on to a server console anonymously,
because Windows doesn't allow that.
Anonymous logon events in your Security log look more dangerous than they really are. By default, the information you can access when you connect anonymously is extremely limited—basically, you can access only a list of shared folders and usernames. (I know; that gives an intruder a list of targets, but there are lots of other ways to get usernames.)
You can completely disable anonymous logons (aka null sessions), but doing
so might affect accessibility by users in trusting domains. Before changing
policies throughout your domain, I suggest testing them on a limited number
of systems. Windows XP and later provide the six policies listed below for controlling
what information can be accessed anonymously. (These policies are in the Microsoft
Management Console—MMC—Local Security Policy snap-in under Computer
Configuration\Windows Settings\SecuritySettings\Local Policies\SecurityOptions.)
Network access: Do not allow anonymous enumeration of SAM accounts
Network access: Do not allow anonymous enumeration of SAM accounts and shares
Network access: Let Everyone permissions apply to anonymous users
Network access: Named Pipes that can be accessed anonymously
Network access: Shares that can be accessed anonymously
The default values for these policies are acceptable for servers on a typical internal LAN. For hardened servers, such as Internet servers, I recommend disabling policies 1 and 4, enabling policies 2 and 3, and specifying empty lists for policies 5 and 6. . . .
You must be a logged on user to view the rest of this article
Both browsers are being positioned as the core system application that will enable the next generation of web apps--however, ISP usage caps could throw a major monkey wrench at web-based application delivery. ...
IT Connections Dive into the new Microsoft platforms and products you implement and support with the experts from Microsoft, TechNet Magazine, Windows ITPro and industry gurus. There are 70+ sessions and interactive panels with networking opportunities.
Attention User Group Leaders... Announcing the eNews Generator—a FREE HTML e-newsletter builder for user group leaders. Build your HTML and text e-newsletters in minutes and add Windows IT Pro & SQL Server Mag articles alongside your own message!.
Master SharePoint with 3 eLearning Seminars Learn how to build a better SharePoint infrastructure and enable powerful collaboration with MVPs Dan Holme and Michael Noel. Register today!
Get SQL Server 2008 at WinConnections Don’t miss Microsoft Exchange and Windows Connections conferences, the premier events for Microsoft IT Professionals in Las Vegas, November 10-13. Every attendee will receive a copy of SQL Server 2008 Standard Edition with one CAL.
Order Your SQL Fundamentals CD Today! Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.
Register
