Kerberos errors

Discussion in 'Server Security' started by Frank, Jun 24, 2004.

  1. Frank

    Frank Guest

    small DC w2k, 10 clients, 5 xp pro, 5 w98se. I get many kerberos errors in my
    log files. No user, or any defining data? I have researched and found that
    this is expected with down level clients. Is this true and can I filter
    these out of the log without removing things I do want to see?
    Thanks,
    Frank L
     
    Frank, Jun 24, 2004
    #1

  2. Frank

    Roger Abell Guest

    Let us assume your research is accurate, that the messages
    are unavoidable when you have 5 Kerberos-ignorant clients.
    Whether you can accomplish what you are after depends on
    what event messages you do have interest in seeing.
    In the GPOs linked to the Domain Controllers OU you can
    set the Auditing policies
    (Comp Config / Windows / Security / Local Policy / Audit Policy)
    at a fairly coarse grain, enabling/disabling recording of success
    or failure events. If you disable the auditing category that is
    causing the messages you want to avoid seeing, whether you
    will lose event messages of interest will depend on which
    category of audit messages and what sources of messages are
    involved.

    As far as a tool supplied with Windows to view the event logs
    with "negative filtering", i.e. show all msgs except . . . , I do
    not believe you will find joy. You might want to look into the
    EventCombMT tool from MS, which allows you to define views
    into the event logs (from multiple machines, which might not
    apply in your case) and have these available for future use.
    For EventCombMT:
    http://www.microsoft.com/downloads/...familyid=7af2e69c-91f3-4e63-8629-b999adde0b9e
     
    Roger Abell, Jun 24, 2004
    #2
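
The "show all msgs except . . ." view discussed in reply #2 can be applied offline to an event log that has been exported to CSV. The script below is an added example, not part of the original thread and not how EventCombMT works; the column layout, the sample rows, and the event IDs 9001/9002/9100 are constructed placeholders. It counts what it suppresses, so the volume of hidden events stays visible.

```python
import csv
import io
from collections import Counter

# Constructed sample of an event log exported as CSV. The column layout and
# every value are assumptions for illustration; the event IDs are
# placeholders, not real Windows event IDs.
SAMPLE_EXPORT = """Date,Time,Source,Type,Event,User,Computer
6/24/2004,09:01:12,Kerberos,Error,9001,N/A,DC1
6/24/2004,09:01:40,Kerberos,Error,9001,N/A,DC1
6/24/2004,09:02:03,Kerberos,Error,9002,N/A,DC1
6/24/2004,09:05:17,NETLOGON,Warning,9100,N/A,DC1
6/24/2004,09:07:55,Kerberos,Error,9001,N/A,DC1
"""

# "Show everything except" rules: (source, event ID). Matching on the exact
# pair keeps other errors from the same source visible.
EXCLUDE = {("kerberos", 9001)}


def negative_filter(export_text, exclude=EXCLUDE):
    """Return (kept_rows, suppressed_counts) for a CSV event log export."""
    kept, suppressed = [], Counter()
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            key = (row["Source"].strip().lower(), int(row["Event"]))
        except (KeyError, TypeError, ValueError, AttributeError):
            kept.append(row)  # malformed rows are shown, never dropped
            continue
        if key in exclude:
            suppressed[key] += 1  # counted so the noise level stays visible
        else:
            kept.append(row)
    return kept, suppressed


if __name__ == "__main__":
    kept, suppressed = negative_filter(SAMPLE_EXPORT)
    for row in kept:
        print(row["Date"], row["Time"], row["Source"], row["Type"], row["Event"])
    for (source, event_id), count in sorted(suppressed.items()):
        print(f"suppressed {count} x {source} event {event_id}")
```
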

  3. Frank

    GRCC Guest

    Thanks for your advice.
    Frank L

     
    GRCC, Jun 24, 2004
    #3