I receive many Anonnymous Logon security events as listed below in the Windows Event Viewer. How can I disable Anonymous Access in Windows Server 2003?
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Time: 8:33:09 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Successful Network Logon:
Logon ID: (0x0,0xBEFA999)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: XXXXXXXX
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: ###.###.###.###
Source Port: 0
- Login as Administrator and click Start > Run.
- Type regedit in the box and click Ok button.
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Change the value of RestrictAnonymous from 0 to 1.
- Exit regedit and reboot the server.
Article ID: 172, Created: June 22, 2015 at 5:39 AM, Modified: February 10, 2021 at 3:41 AM