W
Will
In general I'm familiar with Event ID 534, which is a Security Eventviewer
log message that indicates that "the user has not been granted the requested
logon type at this machine". What is confusing me is that I frequently
see these eventids with a logon type of 3 (network logon) where the username
and domain are *blank*. Workstation name is also blank. I thought
that this might be an anonymous logon request, but what is all the more
perplexing is that the logon process is Kerberos.
What are the possible sources of such a request?
log message that indicates that "the user has not been granted the requested
logon type at this machine". What is confusing me is that I frequently
see these eventids with a logon type of 3 (network logon) where the username
and domain are *blank*. Workstation name is also blank. I thought
that this might be an anonymous logon request, but what is all the more
perplexing is that the logon process is Kerberos.
What are the possible sources of such a request?