Re: Kerberos errors
From: GRCC (grccnews_at_nospamadelphia.net)
Date: 06/24/04
- Previous message: Mike Danseglio [MSFT]: "Re: Upcoming security chat: Windows Passwords: Everything You Need to Know"
- In reply to: Roger Abell: "Re: Kerberos errors"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Jun 2004 15:02:41 -0400
Thanks for your advice.
Frank L
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:uyZHuXbWEHA.1152@TK2MSFTNGP09.phx.gbl...
> Let us assume your research is accurate, that the messages
> are unavoidable when you have 5 Kerberos-ignorant clients.
> Whether you can accomplish what you are after depends on
> what event messages you do have interest in seeing.
> In the GPOs linked to the Domain Controllers OU you can
> set the Auditing policies
> (Comp Config / Windows / Security / Local Policy / Audit Policy)
> at a fairly course grain, enabling/disabling recording of success
> or failure events. If you disable the auditing category that is
> causing the messages you want to avoid seeing, whether you
> will loose event messages of interest will depend on which
> category of audit messages and what sources of messages are
> involved.
>
> As far as a tool supplied with Windows to view the event logs
> with "negetive filtering", i.e. show all msgs except . . . , I do
> not believe you will find joy. You might want to look into the
> EventCombMT tool from MS, which allows you to define views
> into the event logs (from multiple machines, which might not
> apply in your case) and have these available for future use.
> For EventCombMT:
>
http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=7af2e69c-91f3-4e63-8629-b999adde0b9e
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Frank" <stratster68@IHATESPAMworldnet.att.net> wrote in message
> news:euZRowZWEHA.3024@TK2MSFTNGP09.phx.gbl...
> > small DC w2k, 10 clients, 5 xp pro, 5 w98se. I get many kerberos
errorsin
> my
> > log files. No user, or any defining data? I have researched and found
that
> > this is expected with down level clients. Is this true and can I filter
> > these out of the log without removing things I do want to see?
> > Thanks,
> > Frank L
> >
> >
>
>
- Previous message: Mike Danseglio [MSFT]: "Re: Upcoming security chat: Windows Passwords: Everything You Need to Know"
- In reply to: Roger Abell: "Re: Kerberos errors"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
