Re: DCOM access from a different domain (yes another accessdenied question)

Tech-Archive recommends: Speed Up your PC by fixing your registry

I still can't get anonymous logon to work, even when I enable the guest
account. The security audit log continues to say "Unknown user name or bad
password" when I try to connect, rather than "ANONYMOUS LOGON".
Interestingly I do get successful anonymous logon messages from applications
accessing COM+ on this machine.

I am not sure where to disable "Restrict anonymous access" - is this the
policy "Network access:Restrict anonymous access to Named Pipes and Shares"?

I originally hoped that having an account in the domain with a matching
username and password to the out-of-domain account would work. Does this no
longer work on 2003 SP1?

""Jeffrey Tan[MSFT]"" <jetan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:j%23qSeK%23dGHA.188@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Graham,

Below is the feedback I got from internal consulting:

In Window Server 2003:

1. The guest account is disabled by default -- no anonymous logon.
2. Restrict Anonymous access is enabled.

Anonymous logon does not work unless you enable the Guest account in
Server
2003 -- A serious security RISK. Not recommended.

Disabling Restrict Anonymous access opens up the server to a higher
potential for compromise -- anyone can read the list of users accounts and
attempt a dictionary password attack.

An unprivileged user account with a password assigned on the required
permissions would be a better choice in this situation.

Hope this helps

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.



.

Relevant Pages

  • Re: XPSP 2 upgrade, now OE does not work, Messages:
    ... those errors denote problems on Hotmail's end. ... Has the account ever worked in OE? ... "transparent proxy server" which does not support WebDAV. ... (Anonymous Logon & Prompt for... ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Anonymous change of passwords?
    ... anonymous logon is used to open a session anonymous on your pc (for example ... breach because most of the time we don't change this account password define ... In the security log I found the ... > Audit Account Management ...
    (microsoft.public.security)
  • Re: Possible to run an ASP.NET page as ANONYMOUS LOGON?
    ... and I was hoping I could show the Anonymous Logon account instead of IUSR to ... default IUSR. ... impersonate noone and set a separate worker process identity in IIS6. ... I've explicitly granted access to this file to ANONYMOUS LOGON. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Disabled IIS Anonymous account
    ... are authenticating with the IUSR_computername account. ... The anonymous logon ... events you are seeing are probably normal system "null" connections that are ... used by the browse service and other system network connections. ...
    (microsoft.public.win2000.security)
  • Re: Anonymous Acccess to File Share on Windows Server 2003
    ... I checked that the share and NTFS permissions include Everyone (as well as ... Guest as well as ANONYMOUS LOGON). ... I checked the two local security options you mention below and made sure ... The "Access this computer from the network" has Everyone, ANONYMOUS LOGON, ...
    (microsoft.public.windows.server.security)