BCAAA detects NT AUTHORITY\ANONYMOUS LOGON accounts

Solution

Overview

You see the NT AUTHORITY\ANONYMOUS LOGON username in the access logs

You see NT AUTHORITY\ANONYMOUS LOGON in the policy trace

Cause
Resolution

BCAAA reports the anonymous user when it finds a NULL SMB session. This is the correct behavior, because NULL sessions use anonymous credentials.

This problem can be fixed by adding to the [SSOServiceUsers] section of sso.ini. This will cause BCAAA to ignore NULL sessions. BCAAA must be restarted after applying the changes.
 

From:
[SSOServiceUsers]
; Standared Windows service users
NetShowServices

To:
[SSOServiceUsers]
; Standared Windows service users
NetShowServices
NT AUTHORITY\ANONYMOUS LOGON

 

Note : Please make sure there are no spaces or blank characters after NT AUTHORITY\ANONYMOUS LOGON on the last line from the example below.

Workaround
Additional Information
Bug Number
InQuira Doc IdKB3813
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat