So I have a Windows Server 2016 domain, and whenever a password is changed in Active Directory, even when creating a new account, anonymous logon is being written to the logs (event 4738) even though I'm logged in with a domain administrator account. It does this no matter who makes the password change. I have the following settings applied through group policy and have verified them in the registry, but it is still occurring:
Network access: Allow anonymous SID/Name translation - Disabled
Network access: Do not allow anonymous enumeration of SAM accounts - Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares - Enabled
Network access: Let Everyone permissions apply to anonymous users - Disabled
Network access: Named Pipes that can be accessed anonymously - Enabled and empty
Network access: Shares that can be accessed anonymously - Enabled and empty
For a little bit more information, every time I reset a password on the system, 3 User Account Management security audit success logs are written. 4767 and 4724 list the correct admin account that made the change, but then 4738 has ANONYMOUS LOGON as the account that made the change. I don't view this as an issue, but security is requiring that the anonymous logon not be written ever, and it shouldn't be with it disabled in group policy and registry.
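For audit review of the pattern described above, each 4738 event recorded under ANONYMOUS LOGON can be paired with the 4724 event for the same target account written at nearly the same time, so the change is attributed to the admin named there, and any 4738 with no matching 4724 is left flagged. This is an added example, not part of the original post; it assumes events exported as XML, and the SIDs, account names and 5-second window are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ANONYMOUS_SID = "S-1-5-7"  # well-known SID of ANONYMOUS LOGON

def ev(event_id, when, subj_sid, subj_name, target_sid):
    """Build a constructed Security-log event in the Windows event XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/></System><EventData>'
            f'<Data Name="SubjectUserSid">{subj_sid}</Data>'
            f'<Data Name="SubjectUserName">{subj_name}</Data>'
            f'<Data Name="TargetSid">{target_sid}</Data></EventData></Event>')

# Constructed sample: placeholder domain SID and hypothetical account "admin1".
D = "S-1-5-21-1-2-3"
SAMPLE = [
    ev(4724, "2024-01-01T10:00:00.000000Z", f"{D}-1105", "admin1", f"{D}-2001"),
    ev(4738, "2024-01-01T10:00:01.000000Z", ANONYMOUS_SID, "ANONYMOUS LOGON", f"{D}-2001"),
    ev(4738, "2024-01-01T10:05:00.000000Z", ANONYMOUS_SID, "ANONYMOUS LOGON", f"{D}-2002"),
    ev(4738, "2024-01-01T10:06:00.000000Z", f"{D}-1105", "admin1", f"{D}-2003"),
]

def parse(xml_text):
    """Flatten one event into a dict of EventData fields plus id and time."""
    root = ET.fromstring(xml_text)
    rec = {d.get("Name"): d.text for d in root.findall("e:EventData/e:Data", NS)}
    rec["id"] = int(root.findtext("e:System/e:EventID", namespaces=NS))
    ts = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    # Keep whole seconds only; real logs carry more fractional digits than %f accepts.
    rec["time"] = datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S")
    return rec

def attribute_anonymous_4738(xml_events, window=timedelta(seconds=5)):
    """Return (target SID, actor) for each anonymous 4738; actor is None if unexplained."""
    events = [parse(x) for x in xml_events]
    resets = [e for e in events if e["id"] == 4724]
    results = []
    for e in events:
        if e["id"] != 4738 or e["SubjectUserSid"] != ANONYMOUS_SID:
            continue
        near = [r for r in resets if r["TargetSid"] == e["TargetSid"]
                and abs(r["time"] - e["time"]) <= window]
        near.sort(key=lambda r: abs(r["time"] - e["time"]))  # closest 4724 wins
        results.append((e["TargetSid"], near[0]["SubjectUserName"] if near else None))
    return results
```

Entries returned with an actor of `None` are the ones worth investigating, since no password reset by a named account accompanies them.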