5 Replies Latest reply on Jun 21, 2012 1:11 PM by ICU

    CBA_anonymous - Management Options


      I have read the following LANDesk documentation regarding the CBA_anonymous but have a few additional questions.

      • What are the ramifications of disabling the cba_anonymous account? What won't be affected vs. what won't work?
      • How is an LDPing different from a regular ping, which requires no authentication?
      • What triggers automatic password resets for the cba_anonymous account and how frequently does that generally occur?
      • If I can manually change the cba_anonymous password, would it not be stored in the local SAM db of each server--not just in memory?
      • Can the Windows password be managed/changed by us, per corporate policy?
      • Is the cba_anonymous account created dynamically when a connection is made to the LANDesk CBA8 RPC Execute service, using Local System privileges?
      • "CBA_anonymous is an account that is created by CBA8 when an anonymous connection to it is created. It is a guest account." What are the security controls in place that limit anyone from using this logon?
      • Are there any controls that limit the use of this account to the LANDesk application only?

      Any assistance would be great.  This account exists on all Windows systems that has the LANDesk agent installed and I have to justify a case for or against disabling this account as a standard, or worse having to manage the password manually.


      Thank you for your help.