Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Log Name: Security
- Source: Microsoft-Windows-Security-Auditing
- Date: 02.04.2020 13:53:55
- Event ID: 4768
- Task Category: Kerberos Authentication Service
- Level: Information
- Keywords: Audit Success
- User: N/A
- Computer: dc01-4.NewCo.ptlab
- Description:
- A Kerberos authentication ticket (TGT) was requested.
- Account Information:
- Account Name: Administrator
- Supplied Realm Name: NEWCO
- User ID: NEWCO\Administrator
- Service Information:
- Service Name: krbtgt
- Service ID: NEWCO\krbtgt
- Network Information:
- Client Address: ::1
- Client Port: 0
- Additional Information:
- Ticket Options: 0x40810010
- Result Code: 0x0
- Ticket Encryption Type: 0x12
- Pre-Authentication Type: 2
- Certificate Information:
- Certificate Issuer Name:
- Certificate Serial Number:
- Certificate Thumbprint:
- Certificate information is only provided if a certificate was used for pre-authentication.
- Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
- Event Xml:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
- <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
- <EventID>4768</EventID>
- <Version>0</Version>
- <Level>0</Level>
- <Task>14339</Task>
- <Opcode>0</Opcode>
- <Keywords>0x8020000000000000</Keywords>
- <TimeCreated SystemTime="2020-04-02T10:53:55.671477800Z" />
- <EventRecordID>3210256</EventRecordID>
- <Correlation />
- <Execution ProcessID="640" ThreadID="2024" />
- <Channel>Security</Channel>
- <Computer>dc01-4.NewCo.ptlab</Computer>
- <Security />
- </System>
- <EventData>
- <Data Name="TargetUserName">Administrator</Data>
- <Data Name="TargetDomainName">NEWCO</Data>
- <Data Name="TargetSid">S-1-5-21-473447165-2333059648-1334417953-500</Data>
- <Data Name="ServiceName">krbtgt</Data>
- <Data Name="ServiceSid">S-1-5-21-473447165-2333059648-1334417953-502</Data>
- <Data Name="TicketOptions">0x40810010</Data>
- <Data Name="Status">0x0</Data>
- <Data Name="TicketEncryptionType">0x12</Data>
- <Data Name="PreAuthType">2</Data>
- <Data Name="IpAddress">::1</Data>
- <Data Name="IpPort">0</Data>
- <Data Name="CertIssuerName">
- </Data>
- <Data Name="CertSerialNumber">
- </Data>
- <Data Name="CertThumbprint">
- </Data>
- </EventData>
- </Event>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement