Administrators may have a requirement to separate login failure events based on the text in the "What" field in the event properties. However, there is currently no method available to separate these failures. For example, if a Active Directory user fails to login with an incorrect password or fails to login with a disabled account, both scenarios would generate "User failed to authenticate through Kerberos" events but each event would have different failure reasons in the 'What" field.
WORKAROUND:
None
STATUS:
Enhancement request number TF00412060 has been submitted to Development for consideration in a future release of ChangeAuditor for Logon Activity.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center