ANONYMOUS LOGON when changing windows 2000 workstation password

[Guest]

To Whom Can Help:

I look through Windows 2000 server logs and I notice that for security event
627 the Caller User Name for Change Password Attempt is ANONYMOUS LOGON for
people with legitimate Windows 2000 user accounts. Is this normal? If this
is not, could you please help me find out why this would happen?

 

[Steven L Umbach]

Yes that is normal in cases where the user needs to change their password
before being authenticated such as when their password expires. The link
below explains this more. --- Steve

http://support.microsoft.com/?id=242795

The Everyone group has Change Password permissions on all computer and user
objects so that unauthenticated or "anonymous" users or computers are able
to change their passwords when they expire without having to be
authenticated first. If the anonymous user is denied the ability to change
passwords, the user would be unable

 

[Guest]

Thank you for your help Steven!
JYC

Yes that is normal in cases where the user needs to change their password
before being authenticated such as when their password expires. The link
below explains this more. --- Steve

http://support.microsoft.com/?id=242795

The Everyone group has Change Password permissions on all computer and user
objects so that unauthenticated or "anonymous" users or computers are able
to change their passwords when they expire without having to be
authenticated first. If the anonymous user is denied the ability to change
passwords, the user would be unable