ANONYMOUS LOGON Print Jobs Appear in Print Queue from Users Who Are Logged on to the Domain (323909)
The information in this article applies to:
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
This article was previously published under Q323909 SYMPTOMS
Print jobs that are reported by event ID 10 in the System Event log and banner pages may indicate that they are owned by ANONYMOUS LOGON. Additionally, if the RestrictAnonymous key is set to level 2, and the Everyone group was removed from the permissions of the Spool folder, the spooler stops responding (hangs).
Log Entry Example
Event Type: Information
Event Source: Print
Event Category: None
Event ID: 10
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: computer name
Description:
Document 1, Test - Notepad owned by ANONYMOUS LOGON was printed on HP LaserJet 4Si via port LPT1:. Size in bytes: 818; pages printed: 1
CAUSE
The Windows NT 4.0 spooler on the client tried to close the remote printer by using the SYSTEM account instead of impersonating the user who originally opened the printer. The SYSTEM account tried to do this under the following conditions:
- When it spooled a GDI print message.
- The local spooler was under load.
- It was necessary to create another RPC connection to the computer.
Under these conditions, a NULL session pipe is created with no credentials.
RESOLUTIONA supported hotfix is now available from Microsoft, but it is only intended to correct the problem that this article describes. Apply it only to systems that are experiencing this specific problem. To resolve this problem, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site: Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
The English version of this fix has the following file attributes (or later):
Date Time Version Size File name
--------------------------------------------------------
31 May 2002 17:26 4.0.1381.7165 1,254,608 Win32k.sys
31 May 2002 17:28 4.0.1381.7159 327,440 User32.dll
31 May 2002 17:28 4.0.1381.7102 175,888 Winsrv.dll
31 May 2002 17:28 4.0.1381.7155 169,744 Gdi32.dll
WORKAROUND
You do not have to use this workaround if the hotfix is installed on all of the clients that are printing to the print server. A client is defined as any computer, including servers and workstations, that sends print jobs to a print server. However, to prevent the spooler from hanging and continue to occasionally print ANONYMOUS LOGON print jobs, you can restore the permissions on the Spool folder, or restore the default setting on the RestrictAnonymous setting to 0 or 1:
- View the %SystemRoot%\System32\Spool\Printers folder.
- Add the Everyone group with Full Control rights.
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
| Modification Type: | Minor | Last Reviewed: | 10/18/2005 |
|---|
| Keywords: | kbHotfixServer kbQFE kbbug kbenv kbfix kbQFE kbui KB323909 |
|---|
|