Hello,
I am just testing anonymous LDAP access to Active Directory on Windows 2003. I have enabled anonymous access in the dsHeuristics. The Pre-Windows 2000 Compatible Access group contains ANONYMOUS LOGON as its member. I can successfully bind and also list domain contents using LDP (bind with credentials - empty). The Security log on the DC shows event 540 Successful network logon, logon type 3, user NT AUTHORITY\ANONYMOUS LOGON.
Up to this point, everything is perfectly fine.
But I have assigned ANONYMOUS LOGON the right "Deny access to this computer from network" and I have also removed everything except for Authenticated Users from the "Allow access to this computer from network" user right.
Still, I can bind and browse the directory. The security log still shows the 540 network logon event for ANONYMOUS LOGON. How is it possible? I thought that I denied network logon for ANONYMOUS USER through the user rights, but it does not take effect.
ondrej.