Event ID 300 — The user "EventInfo.Username", on client computer "EventInfo.IpAddress", met resource authorization policy requirements and was therefore authorized to connect to resource "EventInfo.Resource".

Provider: Microsoft-Windows-TerminalServices-Gateway
Channel: Operational
Level: Informational

Description

The user "EventInfo.Username", on client computer "EventInfo.IpAddress", met resource authorization policy requirements and was therefore authorized to connect to resource "EventInfo.Resource".

Message #

The user "%1", on client computer "%2", met resource authorization policy requirements and was therefore authorized to connect to resource "%4".

Fields #

Name	Description
`EventInfo.Username`	—
`EventInfo.IpAddress`	—
`EventInfo.AuthType`	—
`EventInfo.Resource`	—
`EventInfo.ConnectionProtocol`	—
`EventInfo.ErrorCode`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-TerminalServices-Gateway",
    "guid": "4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B",
    "event_source_name": "",
    "event_id": 300,
    "version": 0,
    "level": 4,
    "task": 5,
    "opcode": 30,
    "keywords": 4620693217698906112,
    "time_created": "2024-11-04T13:59:32.621299+00:00",
    "event_record_id": 88,
    "correlation": {
      "ActivityID": "7CF86876-882F-0625-F153-3DEC514DA0B2"
    },
    "execution": {
      "process_id": 1444,
      "thread_id": 2556
    },
    "channel": "Microsoft-Windows-TerminalServices-Gateway/Operational",
    "computer": "EC2AMAZ-6C3C9U6",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "user_data": {
    "EventInfo": {
      "Username": "EC2AMAZ-6C3C9U6\\Administrator",
      "IpAddress": "198.51.100.1",
      "AuthType": "",
      "Resource": "ec2-18-179-8-103.ap-northeast-1.compute.amazonaws.com",
      "ConnectionProtocol": "",
      "ErrorCode": 0
    }
  },
  "message": ""
}

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx