Audit Kerberos Authentication Service

  • Article

Applies To: Windows 7, Windows Server 2008 R2

This security policy setting allows you to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests.

If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful attempts and Failure audits record unsuccessful attempts.

Event volume: High on Kerberos Key Distribution Center servers

Default: Not configured

If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

Event ID Event message

4768

A Kerberos authentication ticket (TGT) was requested.

4771

Kerberos pre-authentication failed.

4772

A Kerberos authentication ticket request failed.