NTLM Security Protocol

3 events across 1 channel

Event ID	Title	Channel
0	NTLM Server Accept	ETW Trace
1	NTLM Client Initialize	ETW Trace
2	NTLM Validate Credentials	ETW Trace

Event ID 0 — NTLM Server Accept

Provider: NTLM Security Protocol
Channel: ETW Trace

Fields

Name	Description
`StageHint`	—
`InContext`	—
`OutContext`	—
`Flags`	—
`UserName`	—
`DomainName`	—
`Workstation`	—

Event ID 1 — NTLM Client Initialize

Provider: NTLM Security Protocol
Channel: ETW Trace

Fields

Name	Description
`StageHint`	—
`InContext`	—

Event ID 2 — NTLM Validate Credentials

Provider: NTLM Security Protocol
Channel: ETW Trace

Fields

Name	Description
`Success`	—
`LogonServer`	—
`LogonDomain`	—
`UserName`	—
`Workstation`	—