Enable the Windows Event Viewer to Log Kerberos Authentication Attempts
The following task shows how to configure Windows Group Policy Object (GPO) security settings to enable the Windows Event Viewer to log successful and unsuccessful Kerberos authentication attempts. The passive identity agent reads user sessions from the Event Viewer so this setting is required for the passive identity agent to function properly.
For more information, see System audit policy recommendations on learn.microsoft.com.
Procedure
Step 1 | Log in to the Active Directory Server as an administrator. |
Step 2 | As Administrator, open a DOS command prompt. |
Step 3 | Enter gpmc.msc to start the Group Policy Management Editor. |
Step 4 | If necessary, create a new GPO; if one already exists, edit it. For more information about creating a GPO, see a resource like Create a Group Policy Object on learn.microsoft.com. |
Step 5 | In your GPO, expand . |
Step 6 | Click Account Logon. |
Step 7 | In the right pane, double-click Audit Kerberos Authentication Service. |
Step 8 | In the dialog box that is displayed, select all checkboxes which enables the system to log successes and failures. The following figure shows an example.
|
Step 9 | Follow the prompts on your screen to save the changes. |
Step 10 | (Optional.) To update GPO immediately, enter gpupdate /force in your DOS command prompt window. |
