Created
December 9, 2011 06:43
-
-
Save adamcrosby/1450517 to your computer and use it in GitHub Desktop.
k5 tgs result
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Log Name: Security | |
| Source: Microsoft-Windows-Security-Auditing | |
| Date: 12/9/2011 1:40:12 AM | |
| Event ID: 4769 | |
| Task Category: Kerberos Service Ticket Operations | |
| Level: Information | |
| Keywords: Audit Success | |
| User: N/A | |
| Computer: WIN-4HVNH532NHD.k5test.local | |
| Description: | |
| A Kerberos service ticket was requested. | |
| Account Information: | |
| Account Name: [email protected] | |
| Account Domain: K5TEST.LOCAL | |
| Logon GUID: {38f097f5-75c7-9eb3-02ad-87ea48279a97} | |
| Service Information: | |
| Service Name: CLIENTA$ | |
| Service ID: K5TEST\CLIENTA$ | |
| Network Information: | |
| Client Address: ::ffff:192.168.107.137 | |
| Client Port: 60827 | |
| Additional Information: | |
| Ticket Options: 0x40810000 | |
| Ticket Encryption Type: 0x12 | |
| Failure Code: 0x0 | |
| Transited Services: - | |
| This event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested. | |
| This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket. | |
| Ticket options, encryption types, and failure codes are defined in RFC 4120. | |
| Event Xml: | |
| <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> | |
| <System> | |
| <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /> | |
| <EventID>4769</EventID> | |
| <Version>0</Version> | |
| <Level>0</Level> | |
| <Task>14337</Task> | |
| <Opcode>0</Opcode> | |
| <Keywords>0x8020000000000000</Keywords> | |
| <TimeCreated SystemTime="2011-12-09T06:40:12.162740300Z" /> | |
| <EventRecordID>2253</EventRecordID> | |
| <Correlation /> | |
| <Execution ProcessID="480" ThreadID="1128" /> | |
| <Channel>Security</Channel> | |
| <Computer>WIN-4HVNH532NHD.k5test.local</Computer> | |
| <Security /> | |
| </System> | |
| <EventData> | |
| <Data Name="TargetUserName">[email protected]</Data> | |
| <Data Name="TargetDomainName">K5TEST.LOCAL</Data> | |
| <Data Name="ServiceName">CLIENTA$</Data> | |
| <Data Name="ServiceSid">S-1-5-21-1732429316-2022558100-1905368437-1104</Data> | |
| <Data Name="TicketOptions">0x40810000</Data> | |
| <Data Name="TicketEncryptionType">0x12</Data> | |
| <Data Name="IpAddress">::ffff:192.168.107.137</Data> | |
| <Data Name="IpPort">60827</Data> | |
| <Data Name="Status">0x0</Data> | |
| <Data Name="LogonGuid">{38F097F5-75C7-9EB3-02AD-87EA48279A97}</Data> | |
| <Data Name="TransmittedServices">-</Data> | |
| </EventData> | |
| </Event> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment