Anonymous Logon, as per my understanding, is basically an unauthenticated user account used to perform AD or LDAP queries. Higher management in our IT department wants to get rid of Anonymous Logon without disabling it, as Anonymous Logon/NT AUTHORITY accounts are used by endpoint protection and other services. So the question is: how do we get rid of Anonymous Logon without completely disabling it?
If you want to avoid disabling Anonymous Logon through GPO, so as not to interrupt or disrupt some services, you should identify the IPs and the applications/services that are using Anonymous Logon from the Event Viewer on the domain controllers, then ask the application vendor to check the authentication method their application uses and challenge them to stop logging on as anonymous.
Hello
Yes, you are correct in the assumption. The way to remove Anonymous Logon on each server would be:
1. Type "regedit" in the box and click the "OK" button.
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
3. Change the value of "RestrictAnonymous" from "0" to "1".
4. Exit regedit and reboot the server.
You can additionally deploy this to a group of machines with a GPO registry change:
1. Open the Group Policy Management Console (gpmc.msc).
2. Create a new (or edit an existing) GPO and link it to the appropriate Active Directory Organizational Unit. After that, switch to GPO edit mode.
3. Expand the following GPO section: Computer (or User) Configuration > Preferences > Windows Settings > Registry. Select in the context menu: New > Registry Item.
4. Leave the policy action at its default, Update mode.
5. Enter the required parameters for the path, key and values.
--If the reply is helpful, please Upvote and Accept as answer--
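A script that ties the two answers together, added here as an example and not taken from the thread: it pulls the ANONYMOUS LOGON 4624 events from a domain controller's Security log (the inventory step from the first answer) and then reads and, only when none are found, sets the RestrictAnonymous value from the second answer. The 7-day window, the zero-logon gate and the columns it prints are my assumptions.

```powershell
# Added example, not code from the original thread. Run in an elevated PowerShell on a
# domain controller. Assumed: Security-log auditing records event 4624 (successful logon),
# a 7-day look-back window, and the rule that the registry change is skipped while
# anonymous logons are still being observed.

# Step 1 (first answer): list the sources that still arrive as NT AUTHORITY\ANONYMOUS LOGON,
# so the owning application/vendor can be contacted before anything is restricted.
# The XPath pushes the filtering into the event log service instead of parsing every 4624.
$xpath = "*[System[EventID=4624 and TimeCreated[timediff(@SystemTime) <= 604800000]] " +
         "and EventData[Data[@Name='TargetUserName']='ANONYMOUS LOGON']]"

$anonymous = @(Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml = [xml]$_.ToXml()
        $d = @{}
        foreach ($item in $xml.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            SourceIP    = $d['IpAddress']
            Workstation = $d['WorkstationName']
            LogonType   = $d['LogonType']                 # 3 = network logon
            AuthPackage = $d['AuthenticationPackageName']
        }
    })

$anonymous |
    Group-Object SourceIP, Workstation |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'LastSeen'; e = { ($_.Group | Measure-Object Time -Maximum).Maximum } } |
    Format-Table -AutoSize

# Step 2 (second answer): the RestrictAnonymous value under Lsa, read before it is written so
# the change is a visible before/after. The server still needs a reboot for it to take effect.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$before = (Get-ItemProperty -Path $lsa -Name RestrictAnonymous -ErrorAction SilentlyContinue).RestrictAnonymous
Write-Host "RestrictAnonymous before: $before"

if ($anonymous.Count -eq 0) {
    Set-ItemProperty -Path $lsa -Name RestrictAnonymous -Value 1 -Type DWord
    Write-Host "RestrictAnonymous set to 1; reboot the server for it to take effect."
} else {
    Write-Host "$($anonymous.Count) anonymous logons in the last 7 days; resolve the sources above first."
}
```

Run the inventory half on every domain controller, since each DC only holds the logons it authenticated itself.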