The cba_anonymous account is created by the LANDESK Management Agent (CBA) whenever an anonymous connection is reqested. It is created as a member of the local machines Guest group.
Q. How does LANDESK manage client access?
A. When a connection is made to CBA, the account will be created to provide the connection with guest account rights.
Q. Who creates the password and where does it get stored?
A. The password used by the account is randomly generated and stored securely in memory only. The generated password consists of multiple random generated sections using OpenSSL to meet even the most stringent password complexity requirements. Since the password is stored ONLY in memory it will be regenerated on reboot, service restart, or if the current session has expired.
Q. Is there a way to remove the cba_annoymous account after an install and a log off?
A. The account is used with a randomly generated password for CBA communication. If the account is removed it will be recreated when needed.
Q. Is this account created on all Windows Operating Systems?
A. All Windows NT based Operating Systems use this account.
Q. Is this account created as a domain account?
A. No. cba_anonymous is a local account. The only time it will appear as a domain account is if the LANDESK agent is installed on a Domain Controller.
Q. Can I disable the cba_anonymous account?
A. No. The LANDESK core server calls cba_anonymous to do an LDping function on the client web service to verify the client prior to executing any functions on the remote agent. The LDping returns the host name and LANDESK Device ID. These are verified prior to the execution of a task on a managed node by the core server using the cba_anonymous account. Without this information, you will not be able to manage any machines as they will appear to be “off” since they can’t be discovered.