Hello,
I would like to know how to block workstations from logging onto my xp pro
machine. I have a dsl connection, zone alarm and the guest account is locked
out. I keep seeing this log on in the event viewer....
Type: Success A Event ID: 540
User: NT AUTHORITY\ANONYMOUS LOGON
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x41460)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: HOD
Logon GUID: {00000000-0000-0000-0000-000000000000}
For more information, see Help and Support Center at
i see this log on in the event viewer everyday and i want to stop it
permanantly.
Thank You
Eliot,
Are you missing a patch? This says it's for NT V4.0. NOT V5.1.
http://www.microsoft.com/technet/security/bulletin/MS01-008.mspx
Try doing a Google or Yahoo search for "NtLmSsp".
Is your computer directly connected to DSL? Check your ZA settings, make sure
that ZA doesn't show ANYTHING in the Trusted Zone! It sounds like your network
neighbors looking at you in Network Neighborhood (My Network Places). Can you
see anything there? Look under all 3 branches of Entire Network too.
Take a look at registry key [HKLM\System\CurrentControlSet\Control\Lsa], value
restrictanonymous.
<
http://www.microsoft.com/windows200...2000/techinfo/reskit/en-us/regentry/46688.asp>
<
http://www.jsifaq.com/subf/tip2600/rh2625.htm>
The above articles refer to Windows 2000. Remember WinXP is NT V5.1, and Win2K
is NT V5.0.
Have you used the Registry Editor before? If not, it's a scary tool, but it's
pretty simple once you get used to it. Here are a couple articles that might
help:
<
http://www.microsoft.com/windowsxp/...home/using/productdoc/en/tools_regeditors.asp>
<
http://www.annoyances.org/exec/show/registry>
Just remember to backup the key (create a registry patch) for
[HKLM\System\CurrentControlSet\Control\Lsa] before making any changes, if
appropriate.
From the Annoyances article:
You can create a Registry patch by opening the Registry Editor, selecting a
branch, and choosing Export from the File menu. Then, specify a filename, and
press OK. You can then view the Registry patch file by opening it in Notepad
(right-click on it and select Edit). Again, just double-click on a Registry
patch file (or use Import in the Registry Editor's File menu) to apply it to the
registry.
If you do this, you might not see your computer in Network Neighborhood any
more. So make sure you create the backup patch.
Please let us know what you find out. This could be interesting.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.