Prior to version 7.1, Change Auditor audits Kerberos logon events only from the Domain Controllers. NTLM events (equivalent to Windows Security log Eventid 680/4776) are not monitored by Change Auditor.
For versions 7.1 and later, Change Auditor can also audit NTLM events if you have the "Logon Activity - User" license applied
© ALL RIGHTS RESERVED. Feedback Conditions d’utilisation Confidentialité Cookie Preference Center