How to stop anonymous access on my webserver. 1

[GerritR]

On my w2k webserver I sometimes have the problem that all my useraccounts are locked out.
Now I analyzed the securitylog and found this event with id=512:

Object Open:
Object Server: Security Account Manager
Object Type: SAM_SERVER
Object Name: SAM
New Handle ID: 791480
Operation ID: {0,39733063}
Process ID: 248
Primary User Name: Name of my-WEBSERVER$
Primary Domain: Name of my workgroup
Primary Logon ID: (0x0,0x3E7)
Client User Name: ANONYMOUS LOGON
Client Domain: NT AUTHORITY
Client Logon ID: (0x0,0x25E2EB8)
Accesses EnumerateDomains
LookupDomain

Privileges -

After this event I see hundreds of attempts to real accountnames on my server, and all my accounts go locked out.

This means (I think) that it is possible to lookup this information anonymous

Anyone any idea how I can stop this ?

 

[tfg13]

Do you have Microsoft Baseline Security Analyzer (MBSA)? This tool helps in locking down your server, and in some cases gives you details on how to lock it down. Try it, it helps.

 

[tfg13]

By the way, in case the MBSA doesn't tell you, go into Internet services manager, right click you default web site (and any others that you have) choose properties. Go to the Directory Security tab, click on edit under the "anonymous access and authentication control" and uncheck "anonymous access". I would also make sure you have "integrated windows authentication" checked under the authentication control section.

 

[GerritR]

Hi tfg13

I used MBSA and found some problems.
I have now set the HKEY_LOCAL_MACHINE\SYSTEM\CurrentCotrolSet\Control\LSA\RestrictAnonymus key from 0 to 2
All websites still work.
Hope it works.

Thanks for your help.