//********************************************* // *** Active Directory Service Provider: KDC //********************************************* #pragma autorecover #pragma classflags("forceupdate") #pragma namespace ("\\\\.\\Root\\WMI") [Dynamic, Description("Security: Kerberos Authentication") : amended, Guid("{6B510852-3583-4e2d-AFFE-A67F9F223438}"), locale("MS\\0x409")] class KerberosDebugTrace : EventTrace { [ Description ("Enable Flags") : amended, ValueDescriptions{ "Error Flag", "Warning Flag", "Trace Flag", "API Flag", "Credentials Flag", "Context Flag", "Logon Session Flag", "Referral Flag", "Logon Flag", "KDC Flag", "Context More Flag", "Time Flag", "User Flag", "Leaks Flag", "Socket Flag", "SPN cache Flag", "S4U Error Flag", "S4U Trace Flag", "Binding Cache Flag", "Loopback Flag", "Ticket Renewal Flag", "U2U Flag"} : amended, Values{"Error", "Warning", "Trace", "API", "Cred", "Context", "LSess", "Referral", "Logon", "KDC", "Context2", "Time", "User", "Leaks", "Socket", "Spn", "S4uErr", "S4U", "Bnd", "Loopback", "Renew", "U2U"}, ValueMap{"0x00000001", "0x00000002", "0x00000004", "0x00000008", "0x00000010", "0x00000020", "0x00000040", "0x00000080", "0x00000100", "0x00000200", "0x00000400", "0x00000800", "0x00001000", "0x00002000", "0x00004000", "0x00008000", "0x00010000", "0x00020000", "0x00040000", "0x00080000", "0x00100000", "0x00200000"} : amended ] uint32 Flags; }; [Dynamic, Description("Active Directory: Kerberos Client") : amended, Guid("{bba3add2-c229-4cdb-ae2b-57eb6966b0c4}"), locale("MS\\0x409")] class MSKerbTrace :EventTrace { }; [Dynamic, Description("Kerberos Logon User Handler") : amended, Guid("{8a3b8d86-db1e-47a9-9264-146e097b3c64}"), DisplayName("KerbLogonUser"), locale("MS\\0x409") ] class KerbLogonUser:MSKerbTrace { }; [Dynamic, Description("Kerberos Logon User Handler") : amended, EventType(1), EventTypeName("Start"), locale("MS\\0x409") ] class KerbLogonUser_Start:KerbLogonUser { }; [Dynamic, Description("Kerberos Logon User Handler") : amended, EventType(2), EventTypeName("End"), locale("MS\\0x409") ] class KerbLogonUser_End:KerbLogonUser { [WmiDataId(1), Description("Status") : amended, format("x"), read] uint32 Status; [WmiDataId(2), Description("Logon Type") : amended, StringTermination("Counted"), format("w"), read] string LogonType; [WmiDataId(3), Description("User Name") : amended, StringTermination("Counted"), format("w"), read] string UserName; [WmiDataId(4), Description("Logon Domain") : amended, StringTermination("Counted"), format("w"), read] string LogonDomain; }; [Dynamic, Description("Kerberos Initialize Security Context Handler") : amended, Guid("{52e82f1a-7cd4-47ed-b5e5-fde7bf64cea6}"), DisplayName("KerbInitSecurityContext"), locale("MS\\0x409") ] class KerbInitSecurityContext:MSKerbTrace { }; [Dynamic, Description("Kerberos Initialize Security Context Handler") : amended, EventType(1), EventTypeName("Start"), locale("MS\\0x409") ] class KerbInitSecurityContext_Start:KerbInitSecurityContext { }; [Dynamic, Description("Kerberos Initialize Security Context Handler") : amended, EventType(2), EventTypeName("End"), locale("MS\\0x409") ] class KerbInitSecurityContext_End:KerbInitSecurityContext { [WmiDataId(1), Description("Status") : amended, format("x"), read] uint32 Status; [WmiDataId(2), Description("Credentials Source") : amended, StringTermination("Counted"), format("w"), read] string CredSource; [WmiDataId(3), Description("Domain Name") : amended, StringTermination("Counted"), format("w"), read] string DomainName; [WmiDataId(4), Description("User Name") : amended, StringTermination("Counted"), format("w"), read] string UserName; [WmiDataId(5), Description("Target") : amended, StringTermination("Counted"), format("w"), read] string Target; [WmiDataId(6), Description("Extended Error Code") : amended, format("x"), read] uint32 ExtError; [WmiDataId(7), Description("Extended Error klininfo") : amended, format("x"), read] uint32 klininfo; }; [Dynamic, Description("Kerberos Accept Security Context Handler") : amended, Guid("{94acefe3-9e56-49e3-9895-7240a231c371}"), DisplayName("KerbAcceptSecurityContext"), locale("MS\\0x409") ] class KerbAcceptSecurityContext:MSKerbTrace { }; [Dynamic, Description("Kerberos Accept Security Context Handler") : amended, EventType(1), EventTypeName("Start"), locale("MS\\0x409") ] class KerbAcceptSecurityContext_Start:KerbAcceptSecurityContext { }; [Dynamic, Description("Kerberos Accept Security Context Handler") : amended, EventType(2), EventTypeName("End"), locale("MS\\0x409") ] class KerbAcceptSecurityContext_End:KerbAcceptSecurityContext { [WmiDataId(1), Description("Status") : amended, format("x"), read] uint32 Status; [WmiDataId(2), Description("Credentials Source") : amended, StringTermination("Counted"), format("w"), read] string CredSource; [WmiDataId(3), Description("Domain Name") : amended, StringTermination("Counted"), format("w"), read] string DomainName; [WmiDataId(4), Description("User Name") : amended, StringTermination("Counted"), format("w"), read] string UserName; [WmiDataId(5), Description("Target") : amended, StringTermination("Counted"), format("w"), read] string Target; }; [Dynamic, Description("Kerberos Set Password") : amended, Guid("{94c79108-b23b-4418-9b7f-e6d75a3a0ab2}"), DisplayName("KerbSetPassword"), locale("MS\\0x409") ] class KerbSetPassword:MSKerbTrace { }; [Dynamic, Description("Kerberos Set Password") : amended, EventType(1), EventTypeName("Start"), locale("MS\\0x409") ] class KerbSetPassword_Start:KerbSetPassword { }; [Dynamic, Description("Kerberos Set Password") : amended, EventType(2), EventTypeName("End"), locale("MS\\0x409") ] class KerbSetPassword_End:KerbSetPassword { [WmiDataId(1), Description("Status") : amended, format("x"), read] uint32 Status; [WmiDataId(2), Description("Account Name") : amended, StringTermination("Counted"), format("w"), read] string AccountName; [WmiDataId(3), Description("Account Realm") : amended, StringTermination("Counted"), format("w"), read] string AccountRealm; [WmiDataId(4), Description("Client Name") : amended, StringTermination("Counted"), format("w"), read] string ClientName; [WmiDataId(5), Description("Client Realm") : amended, StringTermination("Counted"), format("w"), read] string ClientRealm; [WmiDataId(6), Description("KDC Address") : amended, StringTermination("Counted"), format("w"), read] string KdcAddress; }; [Dynamic, Description("Kerberos Change Password") : amended, Guid("{c55e606b-334a-488b-b907-384abaa97b04}"), DisplayName("KerbChangePassword"), locale("MS\\0x409") ] class KerbChangePassword:MSKerbTrace { }; [Dynamic, Description("Kerberos Change Password") : amended, EventType(1), EventTypeName("Start"), locale("MS\\0x409") ] class KerbChangePassword_Start:KerbChangePassword { }; [Dynamic, Description("Kerberos Change Password") : amended, EventType(2), EventTypeName("End"), locale("MS\\0x409") ] class KerbChangePassword_End:KerbChangePassword { [WmiDataId(1), Description("Status") : amended, format("x"), read] uint32 Status; [WmiDataId(2), Description("Account Name") : amended, StringTermination("Counted"), format("w"), read] string AccountName; [WmiDataId(3), Description("Account Realm") : amended, StringTermination("Counted"), format("w"), read] string DomainName; };