I can see that the cba_anonymous user is automatically added with the permissions "Log on as a batch job". To verify this, go into gpedit.msc and navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment. Open "Log on as a batch job".
I would like to know if this is required for proper LANDesk functionality. My company is in the process of hardening servers based on the DISA STIG and this item (no users or groups other than Administrators must have this right) is currently failing due to LANDesk.
If it is required for proper functionality, I would need documentation stating such.
Sure, I could simply remove this user from this setting and see what happens... but I was hoping for some documentation from LANDesk, or even someone else's experience with it.