Channel: Directory Services forum

A user account was changed by ANONYMOUS LOGON


Hi All,

I have a few DCs. When I review the security logs, I can see a lot of events like the one below:

A user account was changed.

Subject:
Security ID: ANONYMOUS LOGON
Account Name: ANONYMOUS LOGON
Account Domain:NT AUTHORITY
Logon ID: 0x3E6

Target Account:
Security ID:<Domain>\<User>
Account Name:<User>
Account Domain:<Domain>

Changed Attributes:
SAM Account Name:-
Display Name: -
User Principal Name:-
Home Directory:-
Home Drive: -
Script Path: -
Profile Path: -
User Workstations:-
Password Last Set:07/11/2018 10:14:26
Account Expires:-
Primary Group ID:-
AllowedToDelegateTo:-
Old UAC Value:-
New UAC Value:-
User Account Control:-
User Parameters:-
SID History: -
Logon Hours: -

Additional Information:
Privileges: -

I have checked a few articles (but can't find anything official by Microsoft) saying that ANONYMOUS LOGON is used to replicate the password between the PDC and each DC. Also, I can't find S-1-5-7 under the ForeignSecurityPrincipals container.

Is there an official Microsoft article about the purpose of ANONYMOUS LOGON and its usage? In what cases and circumstances is it used, as it is a bit annoying to see so many "anonymous logons"?
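
One way to triage a pile of events like the one quoted above, as an added example that is not part of the original post: it parses the event text, lists which attributes actually changed (any value other than "-"), and separates ANONYMOUS LOGON events that touch only Password Last Set from those that change anything else. The function names, the accounts alice and bob, and the sample text are constructed for illustration.

```python
# Constructed sample: two events in the layout quoted in the post above.
SAMPLE = """\
A user account was changed.
Subject:
Account Name: ANONYMOUS LOGON
Target Account:
Account Name:alice
Changed Attributes:
Password Last Set:07/11/2018 10:14:26
New UAC Value:-
Additional Information:
Privileges: -
A user account was changed.
Subject:
Account Name: ANONYMOUS LOGON
Target Account:
Account Name:bob
Changed Attributes:
Password Last Set:-
New UAC Value:0x210
"""

SECTIONS = ("Subject", "Target Account", "Changed Attributes", "Additional Information")


def parse_events(text):
    """Split on the event header; return one dict per event: section -> {field: value}."""
    events = []
    for body in text.split("A user account was changed.")[1:]:
        event, section = {}, None
        for line in body.splitlines():
            key, sep, value = line.partition(":")  # first colon only, so timestamps survive
            key, value = key.strip(), value.strip()
            if sep and key in SECTIONS and not value:
                section = event.setdefault(key, {})  # a bare "Name:" line opens a section
            elif sep and section is not None:
                section[key] = value
        events.append(event)
    return events


def triage(events):
    """Return (target, changed_fields, verdict) for each ANONYMOUS LOGON event."""
    out = []
    for ev in events:
        if ev.get("Subject", {}).get("Account Name") != "ANONYMOUS LOGON":
            continue
        changed = sorted(k for k, v in ev.get("Changed Attributes", {}).items() if v != "-")
        verdict = "password-set-only" if changed == ["Password Last Set"] else "review"
        out.append((ev.get("Target Account", {}).get("Account Name"), changed, verdict))
    return out
```

Events that come back as "review" are the ones where something other than the password timestamp changed under the anonymous subject and deserve a closer look.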

