Understanding Authentication Events in the Windows 2003 and 2008 Security Logs

Webinar Registration

Domain controller security logs give you a centralized view of all domain account authentication for your entire network.  

From your DC logs alone, you can determine when each user logged on, from which workstation and then which servers they accessed.  

However, these authentication events are closely tied to Kerberos ticket operations.  Also, these events change greatly between Windows 2000 and 2003 and even more radically with Windows Server 2008.  Finally there's lots and lots of noise events generated by Kerberos that you can filter out if you know what to look for.

In this webinar I will take you on a deep dive into understanding authentication events generated by Kerberos and show you how to correctly interpret logs generated by Windows 2000, 2003 and 2008 domain controllers.

At the end of this webinar you will be able to:
- Pinpoint when and where users initially logon to the network
- Track them from their workstations to the servers they subsequently access
- Decode authentication failure codes
- Deduce where password guessing attacks are coming from
- Distinguish authentication events generated by Exchange and IIS applications from normal workstation logons
- Filter out Kerberos noise
First Name:   
Last Name:   
Work Email:  
Job Title:  
Street Address:
Zip :
Industry :

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Additional Resources