NTLM Security Protocol

3 events across 1 channel

Event ID	Title	Channel
0	NTLM Server Accept	ETW Trace
1	NTLM Client Initialize	ETW Trace
2	NTLM Validate Credentials	ETW Trace

Event ID 0 — NTLM Server Accept

Provider: NTLM Security Protocol
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`StageHint` mof:UInt32	—
`InContext` mof:UInt32	—
`OutContext` mof:UInt32	—
`Flags` mof:UInt32	—
`UserName` mof:String	—
`DomainName` mof:String	—
`Workstation` mof:String	—

Event ID 1 — NTLM Client Initialize

Provider: NTLM Security Protocol
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`StageHint` mof:UInt32	—
`InContext` mof:UInt32	—

Event ID 2 — NTLM Validate Credentials

Provider: NTLM Security Protocol
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Success` mof:UInt32	—
`LogonServer` mof:String	—
`LogonDomain` mof:String	—
`UserName` mof:String	—
`Workstation` mof:String	—