Our servers still have a RegEdit policy lock-down in affect. Yes, it is still silly. PowerShell however is allowed Image may be NSFW.
Clik here to view.
Turning on Kerberos logging allows you to view detailed information on any Kerberos errors in the Windows event log via the System log. There is a Microsoft Knowledgebase article about how to turn it on, but that requires Regedit access. You can, however, turn this on via PowerShell. When the kerberos logging is turned on, check the Windows System event log for entries. The change is instantaneous – you do not need to log off or reboot to see the event logging.
# Get the value of the Kerberos logging property Get-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
If you do not have this key, it will return no data. However, if you do have this key it should return something similar to:
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters *snip* LogLevel : 1
# Add the log level key for Kerberos logging New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters -Name "LogLevel" -value "1" -PropertyType dword
# Enable Kerberos logging Set-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters -Name "LogLevel" -value "1"
# Disable Kerberos logging Set-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters -Name "LogLevel" -value "0"
Image may be NSFW.
Clik here to view.
Image may be NSFW.Clik here to view.
