An anonymous session connected from LOCALMACHINENAME has attempted to
open an LSA policy handle on this machine. The attempt was rejected
with STATUS_ACCESS_DENIED to prevent leaking security sensitive
information to the anonymous caller.
The application that made this attempt needs to be fixed. Please
contact the application vendor. As a temporary workaround, this
security measure can be disabled by setting the
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contr ol\Lsa\TurnOffAnonymousBlock
DWORD value to 1.
http://support.microsoft.com/kb/839569
http://www.antionline.com/showthread.php?249223-LSA-Policy-Windows-2003-Server
The LSA (Local Security Authority) stores alot of information known as
'LSA secrets' which include usernames,trust releationships,RAS
information and tons of other stuff. There is a program called LSADUMP2
that can be run to dump these secrets but I believe this requires
physical access and probably admin rights as well, however the log
indicates to me someone tried to query an LSA policy object from your
machine using an anonymous session which on a vulnerable NT machine
could be used to dislose user account names but since you are using W2k3
I wouldnt worry about it, most likely an automated scanner looking for
old NT boxes.
I would however worry about getting a firewall.
Subscribe to:
Post Comments (Atom)
LibreOffice
Firefox
OpenSUSE
No comments:
Post a Comment