G
Gunilla
Hi you all.
First..I hope this is the right group, otherwise, please show me where to
post my request.
Another first
)...I have searched Google, Microsoft support and also sent
a request to support online and I even got an answer but not a solution,
unfortunately. I have spent two weeks trying to figure out this issue I have
with the securitylog. So to my question.
I can see in the Event Viewers securitylog that I have Anonymous Logon's x
several each day which makes my log to fill up so very quickly, but I have
no intention to disable audit as I think it is important to have as an extra
resource if something should happen.
These Anonymous logons are identified with actual names as I see and here is
an example...
2004-10-14 14:37:35 Security Audit Successful Network Logon 540
NT INSTANS\ANONYMOUS LOGON XXX-XXXXXXXXX(<---my PC name I wanted to hide)
"Successful Network Logon:
Username:
Domain:
Logon-ID: (0x0,0x147315)
Logon type: 3
Logon process: NtLmSsp
Authentication package: NTLM
Workstation: STEFAN <---this name I do not recognize)
Logon-GUID: {00000000-0000-0000-0000-000000000000}"
2004-10-14 14:37:30 Security Audit Successful Network Logon 538
NT INSTANS\ANONYMOUS LOGON XXXX-XXXXXXXX
"User Logoff:
Username: ANONYMOUS LOGON
Domain: NT INSTANS
Logon-ID: (0x0,0x147257)
Logon type: 3
This above is just one of all users that is recorded as Logged on. What does
this mean? Have they access to my PC? I am not sharing anything, have to not
share any HD-D's or resources.
One thing I saw when fiddling around in security settings and users right
that in the Network-Assignments and the "Resources that can be used
anonymously" I had "COMCFG" and "DFS$" printed in that window that comes up
when opening the properties but I took that away as I can see in the help
about users rights and security settings that it is normally just blank in
that window by default.
I also read somewhere at the web that the Authentication with NtLmSsp is not
that safe as the Kerberos and I wonder if I should switch in some way, or
update to NTLMv2 and in that case...how am I doing it?
I guess there is more info you need but my head is empty now, just let me
know. I have....
WinXP Pro SP2....updated to last patch the other day.
IE version is the last one that comes with XP
OE - the same as IE...and the both are up to date
AntiVir AV...up to date
Ad-Aware....up to date
WMP 10
SpyWareBlaster....up to date
Ethereal I use in order to figure out what is going on, but not always
ZA Free...up to date..stealthed regarding GRC and Broadbandsreport.
Visual Zone
My Netwatchman
Bitdefender AV for MSN Messenger...my daughter uses it, very
restrictive..can't accept files. I have also disabled UpnP, DCOM and both
Messengers to start up with Windows.
Ophs...such a long letter. Thanks for your interest and TIA
Cheers,
Gunilla.
First..I hope this is the right group, otherwise, please show me where to
post my request.
Another first
)...I have searched Google, Microsoft support and also senta request to support online and I even got an answer but not a solution,
unfortunately. I have spent two weeks trying to figure out this issue I have
with the securitylog. So to my question.
I can see in the Event Viewers securitylog that I have Anonymous Logon's x
several each day which makes my log to fill up so very quickly, but I have
no intention to disable audit as I think it is important to have as an extra
resource if something should happen.
These Anonymous logons are identified with actual names as I see and here is
an example...
2004-10-14 14:37:35 Security Audit Successful Network Logon 540
NT INSTANS\ANONYMOUS LOGON XXX-XXXXXXXXX(<---my PC name I wanted to hide)
"Successful Network Logon:
Username:
Domain:
Logon-ID: (0x0,0x147315)
Logon type: 3
Logon process: NtLmSsp
Authentication package: NTLM
Workstation: STEFAN <---this name I do not recognize)
Logon-GUID: {00000000-0000-0000-0000-000000000000}"
2004-10-14 14:37:30 Security Audit Successful Network Logon 538
NT INSTANS\ANONYMOUS LOGON XXXX-XXXXXXXX
"User Logoff:
Username: ANONYMOUS LOGON
Domain: NT INSTANS
Logon-ID: (0x0,0x147257)
Logon type: 3
This above is just one of all users that is recorded as Logged on. What does
this mean? Have they access to my PC? I am not sharing anything, have to not
share any HD-D's or resources.
One thing I saw when fiddling around in security settings and users right
that in the Network-Assignments and the "Resources that can be used
anonymously" I had "COMCFG" and "DFS$" printed in that window that comes up
when opening the properties but I took that away as I can see in the help
about users rights and security settings that it is normally just blank in
that window by default.
I also read somewhere at the web that the Authentication with NtLmSsp is not
that safe as the Kerberos and I wonder if I should switch in some way, or
update to NTLMv2 and in that case...how am I doing it?
I guess there is more info you need but my head is empty now, just let me
know. I have....
WinXP Pro SP2....updated to last patch the other day.
IE version is the last one that comes with XP
OE - the same as IE...and the both are up to date
AntiVir AV...up to date
Ad-Aware....up to date
WMP 10
SpyWareBlaster....up to date
Ethereal I use in order to figure out what is going on, but not always
ZA Free...up to date..stealthed regarding GRC and Broadbandsreport.
Visual Zone
My Netwatchman
Bitdefender AV for MSN Messenger...my daughter uses it, very
restrictive..can't accept files. I have also disabled UpnP, DCOM and both
Messengers to start up with Windows.
Ophs...such a long letter. Thanks for your interest and TIA
Cheers,
Gunilla.