Log Name: SecuritySource: Microsoft-Windows-Security-AuditingDat

1. Log Name: Security
2. Source: Microsoft-Windows-Security-Auditing
3. Date: 02.04.2020 13:53:55
4. Event ID: 4768
5. Task Category: Kerberos Authentication Service
6. Level: Information
7. Keywords: Audit Success
8. User: N/A
9. Computer: dc01-4.NewCo.ptlab
10. Description:
11. A Kerberos authentication ticket (TGT) was requested.
12.  
13. Account Information:
14. Account Name: Administrator
15. Supplied Realm Name: NEWCO
16. User ID: NEWCO\Administrator
17.  
18. Service Information:
19. Service Name: krbtgt
20. Service ID: NEWCO\krbtgt
21.  
22. Network Information:
23. Client Address: ::1
24. Client Port: 0
25.  
26. Additional Information:
27. Ticket Options: 0x40810010
28. Result Code: 0x0
29. Ticket Encryption Type: 0x12
30. Pre-Authentication Type: 2
31.  
32. Certificate Information:
33. Certificate Issuer Name:
34. Certificate Serial Number:
35. Certificate Thumbprint:
36.  
37. Certificate information is only provided if a certificate was used for pre-authentication.
38.  
39. Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
40. Event Xml:
41. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
42. <System>
43. <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
44. <EventID>4768</EventID>
45. <Version>0</Version>
46. <Level>0</Level>
47. <Task>14339</Task>
48. <Opcode>0</Opcode>
49. <Keywords>0x8020000000000000</Keywords>
50. <TimeCreated SystemTime="2020-04-02T10:53:55.671477800Z" />
51. <EventRecordID>3210256</EventRecordID>
52. <Correlation />
53. <Execution ProcessID="640" ThreadID="2024" />
54. <Channel>Security</Channel>
55. <Computer>dc01-4.NewCo.ptlab</Computer>
56. <Security />
57. </System>
58. <EventData>
59. <Data Name="TargetUserName">Administrator</Data>
60. <Data Name="TargetDomainName">NEWCO</Data>
61. <Data Name="TargetSid">S-1-5-21-473447165-2333059648-1334417953-500</Data>
62. <Data Name="ServiceName">krbtgt</Data>
63. <Data Name="ServiceSid">S-1-5-21-473447165-2333059648-1334417953-502</Data>
64. <Data Name="TicketOptions">0x40810010</Data>
65. <Data Name="Status">0x0</Data>
66. <Data Name="TicketEncryptionType">0x12</Data>
67. <Data Name="PreAuthType">2</Data>
68. <Data Name="IpAddress">::1</Data>
69. <Data Name="IpPort">0</Data>
70. <Data Name="CertIssuerName">
71. </Data>
72. <Data Name="CertSerialNumber">
73. </Data>
74. <Data Name="CertThumbprint">
75. </Data>
76. </EventData>
77. </Event>