Microsoft KB Archive/323909

= ANONYMOUS LOGON Print Jobs Appear in Print Queue from Users Who Are Logged on to the Domain =

Article ID: 323909

Article Last Modified on 10/27/2006

-

APPLIES TO


 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT 4.0 Service Pack 1
 * Microsoft Windows NT 4.0 Service Pack 2
 * Microsoft Windows NT 4.0 Service Pack 3
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition

-



This article was previously published under Q323909



SYMPTOMS
Print jobs that are reported by event ID 10 in the System Event log and banner pages may indicate that they are owned by ANONYMOUS LOGON. Additionally, if the RestrictAnonymous key is set to level 2, and the Everyone group was removed from the permissions of the Spool folder, the spooler stops responding (hangs).

Log Entry Example
Event Type: Information

Event Source: Print

Event Category: None

Event ID: 10

User: NT AUTHORITY\ANONYMOUS LOGON

Computer:

Description:

Document 1, Test - Notepad owned by ANONYMOUS LOGON was printed on HP LaserJet 4Si via port LPT1:. Size in bytes: 818; pages printed: 1



CAUSE
The Windows NT 4.0 spooler on the client tried to close the remote printer by using the SYSTEM account instead of impersonating the user who originally opened the printer. The SYSTEM account tried to do this under the following conditions:
 * When it spooled a GDI print message.
 * The local spooler was under load.
 * It was necessary to create another RPC connection to the computer.

Under these conditions, a NULL session pipe is created with no credentials.



RESOLUTION
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that this article describes. Apply it only to systems that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix has the following file attributes (or later):

  Date         Time   Version        Size       File name 31 May 2002 17:26  4.0.1381.7165  1,254,608  Win32k.sys 31 May 2002 17:28  4.0.1381.7159    327,440  User32.dll 31 May 2002 17:28  4.0.1381.7102    175,888  Winsrv.dll 31 May 2002 17:28  4.0.1381.7155    169,744  Gdi32.dll



WORKAROUND
You do not have to use this workaround if the hotfix is installed on all of the clients that are printing to the print server. A client is defined as any computer, including servers and workstations, that sends print jobs to a print server. However, to prevent the spooler from hanging and continue to occasionally print ANONYMOUS LOGON print jobs, you can restore the permissions on the Spool folder, or restore the default setting on the RestrictAnonymous setting to 0 or 1:
 * 1) View the %SystemRoot%\System32\Spool\Printers folder.
 * 2) Add the Everyone group with Full Control rights.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
143474 Restricting Information Available to Anonymous Logon Users

Keywords: kbbug kbfix kbqfe kbenv kbui kbhotfixserver KB323909

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.