Check on the DC server the logs:
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">
*[System[(EventID=4624)]]
and
*[EventData[Data[@Name='AuthenticationPackageName']='NTLM']]
and
*[EventData[Data[@Name='TargetUserName']!='ANONYMOUS LOGON']]
</Select>
</Query>
</QueryList>
How to Disable NTLM Authentication in Windows Domain? | Windows OS Hub (woshub.com)
No hay comentarios:
Publicar un comentario