Kerberos Authentication Events Explained
On Windows 2000 and Windows Server 2003 you can track all the logon activity within your domain by going no futher than your domain controller security logs. But you must interpret Kerberos events correctly in order to to identify suspicious activity. This article explains how Kerberos works in the Windows environment and how to understand the cryptic codes your find in the security log.