detection.wiki

Microsoft-Windows-DirectoryServices-Deployment › Event 104

Event ID 104 —

Provider
Microsoft-Windows-DirectoryServices-Deployment
Channel
Operational
Level
Warning
Task
Core

Message #

%1

Fields #

NameDescription
Prop_UnicodeString UnicodeString

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DirectoryServices-Deployment",
    "guid": "71B4B0DA-68D5-4925-9F9B-61750F989527",
    "event_source_name": "",
    "event_id": 104,
    "version": 0,
    "level": 3,
    "task": 1,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2022-04-07T17:10:43.778531+00:00",
    "event_record_id": 128,
    "correlation": {
      "ActivityID": "DD7B0B6A-4A9E-0001-F797-7BDD9E4AD801"
    },
    "execution": {
      "process_id": 5272,
      "thread_id": 1872
    },
    "channel": "Microsoft-Windows-DirectoryServices-Deployment/Operational",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": "S-1-5-21-2121334350-1110938707-2888912545-500"
    }
  },
  "event_data": {
    "Prop_UnicodeString": "Windows Server 2022 domain controllers have a default for the security setting named \"Allow cryptography algorithms compatible with Windows NT 4.0\" that prevents weaker cryptography algorithms when establishing security channel sessions.\r\n\r\nFor more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751)."
  },
  "message": ""
}

References #