Audit Kerberos Authentication Service

This security policy setting allows you to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests.
If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful attempts and Failure audits record unsuccessful attempts.

Event volume: High on Kerberos Key Distribution Center servers

If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

  • 4768: A Kerberos authentication ticket (TGT) was requested.
  • 4771: Kerberos pre-authentication failed.
  • 4772: A Kerberos authentication ticket request failed.

Scope: Computer

Default: Not configured
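The following is an added example, not part of the original page: it enables Success and Failure auditing for this subcategory with `auditpol`, then summarizes the three events listed above from the Security log. It assumes an elevated PowerShell session on a domain controller, the English subcategory display name, a 24-hour lookback window chosen for illustration, and the `TargetUserName`, `IpAddress` and `Status` field names as they appear in the event XML.

```powershell
# Run elevated on a domain controller (KDC).
$subcategory = 'Kerberos Authentication Service'   # English display name; localized systems differ

# Enable Success and Failure auditing for the subcategory, then show the effective setting.
auditpol /set /subcategory:"$subcategory" /success:enable /failure:enable
auditpol /get /subcategory:"$subcategory"

# Pull the last 24 hours (assumed window) of the three events this subcategory generates.
$filter = @{
    LogName   = 'Security'
    Id        = 4768, 4771, 4772
    StartTime = (Get-Date).AddHours(-24)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Flatten each event's named EventData fields into one object per event.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        EventId     = $e.Id
        Account     = $data['TargetUserName']
        Client      = $data['IpAddress']
        Status      = $data['Status']
    }
}

# Volume per event ID; useful for sizing the Security log given the high event volume on KDCs.
$rows | Group-Object EventId | Select-Object Name, Count

# Failed requests grouped by client address and account, most frequent first.
$rows |
    Where-Object {
        ($_.EventId -in (4771, 4772)) -or
        ($_.EventId -eq 4768 -and $_.Status -ne '0x0')
    } |
    Group-Object Client, Account |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name
```

Because `auditpol /set` changes local policy only, a Group Policy object that defines this subcategory overrides it at the next policy refresh.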
