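Windows Server 2008 R2 Standard – Stop anonymous logons

On Windows Server 2008 R2 Standard Edition, we have a large number of anonymous logons being logged in Event Viewer.

How do we stop this? How do we disable anonymous logon?

Copy of the message: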


An account was successfully logged on.

Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

Logon Type: 3

New Logon:
    Security ID: ANONYMOUS LOGON
    Account Name: ANONYMOUS LOGON
    Account Domain: NT AUTHORITY
    Logon ID: 0x7863af9a
    Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
    Process ID: 0x0
    Process Name: -

Network Information:
    Workstation Name: ZZC-01309261645
    Source Network Address: 111.xxx.xxx.134
    Source Port: 55xxx

Detailed Authentication Information:
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): NTLM V1
    Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, ie the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

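You can use a registry key to restrict it:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Change the DWORD "RestrictAnonymous" to the value 2.

This sets it to level 2 restriction. But be careful, as it may break things related to Windows 2000.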

http://support.microsoft.com/default.aspx?scid=KB;en-us;296405

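Even so, you may still need to take a closer look at your machine, and possibly your network. You are running NTLM, a very old and very insecure protocol, called NT LAN Manager. You may also have ports open that shouldn't be, which suggests you may not be protected by a firewall. Windows security has improved over the years, but running "naked" on the Internet is still dangerous, especially with NTLM going on. Put this thing behind a firewall, and perhaps have a security professional look at your configuration.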
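
The PowerShell below is an added example, not part of the original question or answer: it reports the current RestrictAnonymous value, summarizes the ANONYMOUS LOGON events by source so you can see which clients would be affected, and previews the registry change from the answer. It assumes the message shown above is Security event ID 4624 and matches ANONYMOUS LOGON by its well-known SID S-1-5-7; the 5000-event window is an arbitrary choice.

```powershell
# Added example. Run in an elevated PowerShell session on the server.
# Written to work on PowerShell 2.0, which ships with Windows Server 2008 R2.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# 1. Current setting (empty output means the value is not present).
$current = (Get-ItemProperty -Path $lsa -Name RestrictAnonymous `
            -ErrorAction SilentlyContinue).RestrictAnonymous
"RestrictAnonymous is currently: $current"

# 2. Pull recent successful-logon events and keep only ANONYMOUS LOGON (S-1-5-7).
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
          -MaxEvents 5000 -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Flatten the <EventData><Data Name="..."> elements into a hashtable.
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) {
        $d[$n.Name] = $n.'#text'
    }
    if ($d['TargetUserSid'] -eq 'S-1-5-7') {
        New-Object PSObject -Property @{
            Time          = $e.TimeCreated
            LogonType     = $d['LogonType']
            IpAddress     = $d['IpAddress']
            Workstation   = $d['WorkstationName']
            LmPackageName = $d['LmPackageName']   # e.g. "NTLM V1"
        }
    }
}

# 3. Count anonymous logons per source address, workstation and NTLM variant.
if ($rows) {
    $rows | Group-Object IpAddress, Workstation, LmPackageName |
        Sort-Object Count -Descending |
        Select-Object Count, Name |
        Format-Table -AutoSize
} else {
    'No ANONYMOUS LOGON events found in the sampled window.'
}

# 4. Preview the change from the answer. Remove -WhatIf to apply it
#    after reviewing the sources listed above for clients that depend on it.
New-ItemProperty -Path $lsa -Name RestrictAnonymous -PropertyType DWord `
    -Value 2 -Force -WhatIf
```

Sources on public addresses in the summary point at the firewall exposure the answer mentions; sources on your own network are the clients to test before applying the value.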