Event ID: 4769A Kerberos service ticket was requested
A Kerberos service ticket was requested. Account Information: Account Name: %1 Account Domain: %2 Logon GUID: %10 Service Information: Service Name: %3 Service ID: %4 Network Information: Client Address: %7 Client Port: %8 Additional Information: Ticket Options: %5 Ticket Encryption Type: %6 Failure Code: %9 Transited Services: %11 This event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested. This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket. Ticket options, encryption types, and failure codes are defined in RFC 4120.
Generated every time Key Distribution Center gets a Kerberos Ticket Granting Service (TGS) ticket request.
It's generally not necessary to audit this event although it may help with the detection of unauthorized access.
ISO 27001:2013 A.12.4.3
NIST 800-171: 3.1.1
NIST SP 800-53: AC-2
HIPAA: 164.308 (a)(5)(ii)(C)
|Ticket Encryption Type||TicketEncryptionType||%6||Any||View Codes|
|Failure Code||Status||%9||Any||View Codes|
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Kerberos Service Ticket Operations"
LEFT/RIGHT arrow keys for navigationBack to List