Attempted to open LSA policy, threat?

[Guest Brock Hensley]

Source: LsaSrv

Event ID: 6033

 

An anonymous session connected from DESTRUCTOR has attempted to open an LSA

policy handle on this machine. The attempt was rejected with

STATUS_ACCESS_DENIED to prevent leaking security sensitive information to

the anonymous caller.

The application that made this attempt needs to be fixed. Please contact

the application vendor. As a temporary workaround, this security measure can

be disabled by setting the

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock

DWORD value to 1.

This message will be logged at most once a day.

 

 

I've been seeing this lately on a few different servers. Can anyone please

explain what exactly it is and if I should be concerned.

 

Thank You,

-B