deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update event-4624.md

Browse Source 
add note that not all fields will be populated always. Hair-splitter customers will complain about empty fields
This commit is contained in:
Herbert Mauerer 2024-01-24 13:29:56 +01:00 committed by GitHub
parent 3012b170ff
commit 270351d0a7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/threat-protection/auditing/event-4624.md
View File

@ -250,6 +250,9 @@ This event generates when a logon session is created (on destination machine). I
- **Source Port** [Type = UnicodeString]: source port which was used for logon attempt from remote machine.
- 0 for interactive logons.
> [!NOTE]
The fields for IP address/port and workstation name are populated depending on the authentication context and protocol used. LSASS will audit the information the authenticating service shares with LSASS. For example, network logons with Kerberos likely have no workstation information, and NTLM logons have no TCP/IP details.
**Detailed Authentication Information:**