When the BladeLogic agent allows access to a Windows server, it achieves an effective user mapping via NT Impersonation, a mechanism by which one can essentially map to a local user. It is possible to leave the user mapping blank, thereby mapping to 'Anonymous' (or so agentinfo deems it). What are the actual permissions of this 'Anonymous' account? Are they equivalent to the permissions of the BladeLogicRSCD user? Or does the Anonymous mapping inherit the privileges of some low-level local group, such as Users?