What logon type for VPN access? Expand / Collapse
Author
Message
Posted 8/31/2009 11:22:49 AM
Forum Member

Forum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum Member

Group: Forum Members
Last Login: 2/24/2012 7:49:27 PM
Posts: 26, Visits: 12
Our users logon with the Cisco VPN client and I was wondering what logon type Microsoft considers this to be?

Thanks
Post #195
Posted 9/1/2009 6:08:04 AM
Expert

ExpertExpertExpertExpertExpertExpertExpertExpert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0
I would need a lot more information! 

Are you referring to the what events are logged on the workstation or at the VPN server or domain controller?

Are we talking about an interactive logon to console of the workstation, or once logged on to the desktop, a VPN connection back to the corporate network? 

Does the VPN server integrate with AD or use it's own credentials?

Post #196
Posted 9/1/2009 10:17:30 AM
Forum Member

Forum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum Member

Group: Forum Members
Last Login: 2/24/2012 7:49:27 PM
Posts: 26, Visits: 12
Sorry about the lack of info:

Was referring to the events that get logged on the domain controller when a user logs in remotely throuh the VPN client. The VPN server does integrate with AD so the user authenticates against AD

Thanks

Post #199
Posted 9/2/2009 5:32:19 AM
Expert

ExpertExpertExpertExpertExpertExpertExpertExpert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0
Windows separates logon and authentication. 

If Cisco VPN is using Kerberos to authenticate against AD you will see 672 - authentication ticket.  If it is using NTLM you will see 680.

Whenever the Windows client applies group policy you will see a network logon (540 not 528) with logon type 3 in the description.

Post #200
Posted 9/2/2009 10:27:17 AM
Forum Member

Forum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum MemberForum Member

Group: Forum Members
Last Login: 2/24/2012 7:49:27 PM
Posts: 26, Visits: 12
Randy,

Thank you for the information

Post #201
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 5:42am