![]() ![]() Then Kerberos service ticket events allows you to track which computers and services the user accesses throughout the network.Ĭoverage on events generated by this category are currently in the Security Log Encyclopedia :Ī Kerberos authentication ticket (TGT) was requested.Ī Kerberos authentication ticket request failed. At any rate, these TGT events are useful for documenting a user's initial authentication to the Windows network. In Windows the domain controller fulfills both of these Kerberos roles. The Stateful Kerberos Authentication profile requires that you specify a server group, which includes the Kerberos servers and the role assigned to. In Kerberos, you must first obtain a ticket granting ticket (TGT) from the Kerberos Authentication Server which authenticates you to the Kerberos Key Distrition Center (KDC). ![]() This category tracks authentication ticket events. There are 2 types of Kerberos tickets: authentication tickets (aka ticket granting tickets) and service tickets. Kerberos is Windows' default authentication protocol. ![]() Windows 7 and Server 2008 R2 can use Group Policy. This category is only logged on domain controllers. To configure this on Server 2008 and Vista you must use auditpol. WinSecWiki > Security Settings > Local Policies > Audit Policy > Account Logon > Kerberos Auth Service
0 Comments
Leave a Reply. |