infoblox_nios:user-id
This is an old revision of the document!
NIOS User-ID
When using NIOS Identity Mapping, you need Kerberos auditing logs to be enabled on the domain controllers to get event_id 4624, event_id 4634 plus others.
event_id: 4624 identifies the user, IP address, first seen and last seen
Microsoft Configuration
First of all, check your auditing settings:
- In the
Group Policy Management Editor → Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy. Set the following audit policies:- Audit account management: “Success”
- Audit directory service access: “Success”
- Audit logon events: “Success” and “Failure”
- Alternatively, you can set Advanced audit policies: In the
Group Policy Management Editor → Computer Configuration → Policies → Windows Settings → Security Settings → Advanced Audit Policy Configuration → Audit Policies. Set the following audit policies:
- Account Logon
- Audit Kerberos Authentication Service: “Success, Failure”
- Audit Kerberos Service Ticket Operations: “Success, Failure”
- Audit Other Account Logon Events : “Success, Failure”
- Account Management
- Audit Computer Account Management: “Success”
- Audit Distribution Group Management: “Success”
- Audit Security Group Management: “Success”
- Audit User Account Management: “Success”
- DS Access
- Audit Directory Service Access: “Success”
- Logon/Logoff
- Audit Logoff: “Success”
- Audit Logon: “Success”
- Audit Other Logon/Logoff Events: “Success”
- Audit Special Logon: “Success”
infoblox_nios/user-id.1728654786.txt.gz · Last modified: by bstafford