|
Posted by Steven L Umbach on December 23, 2005, 1:08 pm
Please log in for more thread options By default the security log is very small in size and you may want to
increase it to at least 5MB. Anonymous logons are normal in a network where
you are using file and print sharing and netbios over tcp/ip is enabled as
the computer browser service uses anonymous logon/null sessions to build and
maintain the browse list that you see in My Network Places. Of course you
should only be seeing computer names you recognize using a firewall to
protect your network from untrusted networks such as the internet. This
particular computer could also be seeing more then normal activity if it is
a master browser or backup browser. You can use the command nbtstat -n to
see if it is either of those. --- Steve
Example of nbtstat -n output
D:\Documents and Settings\Steve>nbtstat -n
Local Area Connection:
Node IpAddress: [192.168.1.52] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
STEVE-XP <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered
STEVE-XP <20> UNIQUE Registered
WORKGROUP <1E> GROUP Registered
WORKGROUP <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
"Troy" <nospam> wrote in message
>I have a workstation that the security log file gets full every few days.
>I
> saved and cleared the log file again this morning. The only entries are
> events 538 and 540's from the domain controller and another workstaion.
> Why am I seeing anonymous logins from another workstation?
>
> thanks!
>
>
| 
XML Sitemap