Process logon can be one of the following.
| Process | Descriptions |
| Advapi | API calls to LogonUser |
Microsoft Internet Information Services (IIS) | Logons using the Anonymous account or logon attempts using basic or digest authentication |
LAN Manager Workstation Service | Logon attempts using the LAN Manager (LM) protocol |
Kerberos | Calls from the Kerberos Security Support Provider (SSP) |
| KSecDD | Network connections |
| NT LAN Manager (NTLM) or NTLM Security Support Provider (NtLmSsp) | Logon attempts using the NTLM protocol |
| Service Control Manager (SCMgr) | Service logon attempts |
Seclogon | Logon attempts using the Runas command |
| User32 or WinLogon\MSGina | Interactive logon attempts |
The authentication package for logon attempt can be one of the following.
- Kerberos
- Negotiate
- NTLM
- Microsoft_Authentication_Package_v10
0 comments:
Post a Comment