Event Details
User Activity->Logons->Successful Logons->Windows 2008->EventID 4768 - A Kerberos authentication ticket (TGT) was requested - Success.
EventID 4768 - A Kerberos authentication ticket (TGT) was requested - Success.
 Sample: 
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/27/2009 9:58:02 PM
Event ID:      4768
Task Category: Kerberos Authentication Service
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      dcc1.Logistics.corp
Description:   
A Kerberos authentication ticket (TGT) was requested.
Account Information:
	Account Name:		DCC1$
	Supplied Realm Name:	                     LOGISTICS.CORP
	User ID:			S-1-5-21-1135140816-2109348461-2107143693-1000
Service Information:
	Service Name:		krbtgt
	Service ID:		                     S-1-5-21-1135140816-2109348461-2107143693-502
Network Information:
	Client Address:		::1
	Client Port:		                     0
Additional Information:
	Ticket Options:		0x40810010
	Result Code:		                     0x0
	Ticket Encryption Type:	                     0x12
	Pre-Authentication Type:	                     2
Certificate Information:
	Certificate Issuer Name:		
	Certificate Serial Number:	
	Certificate Thumbprint:		
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows Vista (2008)
Windows 7 (2008 R2)
Windows 8 (2012)
Windows 8.1 (2012 R2)
Windows 10 (2016)
Category Account Logon
Source Microsoft-Windows-Security-Auditing
TaskCategory Kerberos Authentication Service
EventId 4768
Type Success Audit
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime
Who Account or user name under which the activity occured. Account Name DCC1$
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "Kerberos Authentication" Kerberos Authentication
Where The name of the workstation/server where the activity was logged. Computer
Where From The name of the workstation/server where the activity was initiated from. Network Information: Client Address ::1
Severity Specify the seriousness of the event. "High" High
WhoDomain Account Information: Supplied Realm Name LOGISTICS.CORP
WhereDomain -
Result Successful or Failed. "Successful" Successful
Failure Reason "Successful" Successful
Comments
You must be logged in to comment