I am doing audit review for my company. In a server I can see in the log for EID - 540 from which workstation the access is made.
Here I is the see log details:
"Successful Network Logon: User Name: $nrddu Domain: sdap Logon ID: (0x0,0x5F637364) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: Htf1
Here I can not see the same in the server :
"Successful Network Logon: User Name: $nrddu Domain: sdap Logon ID: (0x0,0x5F669D39) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name:
Is there any differnace in this NtLmSsp Authentication Package and Kerberos Authentication Package in capturing the logs...
Kishore