NTLM Audit Log investigation

Gopi Ponnusamy 41 Reputation points
2021-08-13T11:27:39.663+00:00

Hi Guys,

I have enabled the NTLM audit on the domain controllers and I got the logs below in Microsoft-Windows-NTLM/Operational:

Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.
Secure Channel name: Print1
User name: Rohit$@jayjay6734 .com
Domain name: lab.com
Workstation name: Client1
Secure Channel type: 2

Can anyone help me understand these logs?
