NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes

We have a Win 2000 Terminal server that user use to run a particular
application. We also have a Windows 2003 Server which is running a MSSQL
database.
In the event Log of the SQL server we are seeing the following NT
AUTHORITY\ANONYMOUS LOGON event occur every 12 minutes. No idea since we have
disabled Anonymouse Logon.

Here's an example of the event log, which is repeated every 12 minutes:
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 10/6/2005
Time: 10:51:37 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: AMEDMAHCMEPS03
Description:
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon ID: (0x0,0x759A8F2)
Logon Type: 3


*********************Following Entry Here*********************

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 10/6/2005
Time: 10:51:37 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: AMEDMAHCMEPS03
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x759A8F2)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: AMEDTSMAHC001
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 143.83.63.197
Source Port: 0

The 12 minute interval is what the computer browser service uses to
maintained the browse list that is used by My Network Places and browse list
maintenance uses "null" connections which probably explains why you are
seeing the anonymous logon events in the security log. Try running the
command nbtstat -n to see if it shows the computer is a browse master or
back up browse master. A domain controller will usually be a master browser
or back up browser master. If the computer is not a domain controller and
you are certain you do not need file and print sharing on that computer you
can disable it and you will probably see those anonymous logons go away
though I would not consider them a security risk. You could also try
disabling the computer browser service if you want to keep using file and
print sharing. The links below explain more on the computer browser service
and what null sessions are used for.

If that is the origin you can also tweak the reg key controlling
whether the machine is allowed to be a master or backup master
browser so that it does not participate.

I believe disabling the disabling the computer browser service will do the
same thing. Pre Windows 2000 I used to use the registry mods. I don't know
if there could be any further consequences from disabling the computer
browser service but I have not noticed any as of yet but service names
surely can be misleading with the major candidate being tcp/ip netbios
helper service which would lead on to believe that you could disable it if
you are not using netbios over tcp/ip yet it is considered a core service
and can muck up things considerably if disabled. -- Steve