//********************************************* // *** Active Directory Service Provider: KDC //********************************************* #pragma classflags("forceupdate") #pragma namespace ("\\\\.\\Root\\WMI") [Dynamic, Description("Active Directory: Kerberos") : amended, Guid("{bba3add2-c229-4cdb-ae2b-57eb6966b0c4}"), locale("MS\\0x409")] class MSKerbTrace :EventTrace { }; [Dynamic, Description("Kerberos Logon User Handler") : amended, Guid("{8a3b8d86-db1e-47a9-9264-146e097b3c64}"), DisplayName("KerbLogonUser"), locale("MS\\0x409") ] class KerbLogonUser:MSKerbTrace { }; [Dynamic, Description("Kerberos Logon User Handler") : amended, EventType(1), EventTypeName("Start"), locale("MS\\0x409") ] class KerbLogonUser_Start:KerbLogonUser { }; [Dynamic, Description("Kerberos Logon User Handler") : amended, EventType(2), EventTypeName("End"), locale("MS\\0x409") ] class KerbLogonUser_End:KerbLogonUser { [WmiDataId(1), Description("Status") : amended, format("x"), read] uint32 Status; [WmiDataId(2), Description("Logon Type") : amended, StringTermination("Counted"), format("w"), read] string LogonType; [WmiDataId(3), Description("User Name") : amended, StringTermination("Counted"), format("w"), read] string UserName; [WmiDataId(4), Description("Logon Domain") : amended, StringTermination("Counted"), format("w"), read] string LogonDomain; }; [Dynamic, Description("Kerberos Initialize Security Context Handler") : amended, Guid("{52e82f1a-7cd4-47ed-b5e5-fde7bf64cea6}"), DisplayName("KerbInitSecurityContext"), locale("MS\\0x409") ] class KerbInitSecurityContext:MSKerbTrace { }; [Dynamic, Description("Kerberos Initialize Security Context Handler") : amended, EventType(1), EventTypeName("Start"), locale("MS\\0x409") ] class KerbInitSecurityContext_Start:KerbInitSecurityContext { }; [Dynamic, Description("Kerberos Initialize Security Context Handler") : amended, EventType(2), EventTypeName("End"), locale("MS\\0x409") ] class KerbInitSecurityContext_End:KerbInitSecurityContext { [WmiDataId(1), Description("Status") : amended, format("x"), read] uint32 Status; [WmiDataId(2), Description("Credentials Source") : amended, StringTermination("Counted"), format("w"), read] string CredSource; [WmiDataId(3), Description("Domain Name") : amended, StringTermination("Counted"), format("w"), read] string DomainName; [WmiDataId(4), Description("User Name") : amended, StringTermination("Counted"), format("w"), read] string UserName; [WmiDataId(5), Description("Target") : amended, StringTermination("Counted"), format("w"), read] string Target; [WmiDataId(6), Description("Extended Error Code") : amended, format("x"), read] uint32 ExtError; [WmiDataId(7), Description("Extended Error klininfo") : amended, format("x"), read] uint32 klininfo; }; [Dynamic, Description("Kerberos Accept Security Context Handler") : amended, Guid("{94acefe3-9e56-49e3-9895-7240a231c371}"), DisplayName("KerbAcceptSecurityContext"), locale("MS\\0x409") ] class KerbAcceptSecurityContext:MSKerbTrace { }; [Dynamic, Description("Kerberos Accept Security Context Handler") : amended, EventType(1), EventTypeName("Start"), locale("MS\\0x409") ] class KerbAcceptSecurityContext_Start:KerbAcceptSecurityContext { }; [Dynamic, Description("Kerberos Accept Security Context Handler") : amended, EventType(2), EventTypeName("End"), locale("MS\\0x409") ] class KerbAcceptSecurityContext_End:KerbAcceptSecurityContext { [WmiDataId(1), Description("Status") : amended, format("x"), read] uint32 Status; [WmiDataId(2), Description("Credentials Source") : amended, StringTermination("Counted"), format("w"), read] string CredSource; [WmiDataId(3), Description("Domain Name") : amended, StringTermination("Counted"), format("w"), read] string DomainName; [WmiDataId(4), Description("User Name") : amended, StringTermination("Counted"), format("w"), read] string UserName; [WmiDataId(5), Description("Target") : amended, StringTermination("Counted"), format("w"), read] string Target; }; [Dynamic, Description("Kerberos Set Password") : amended, Guid("{94c79108-b23b-4418-9b7f-e6d75a3a0ab2}"), DisplayName("KerbSetPassword"), locale("MS\\0x409") ] class KerbSetPassword:MSKerbTrace { }; [Dynamic, Description("Kerberos Set Password") : amended, EventType(1), EventTypeName("Start"), locale("MS\\0x409") ] class KerbSetPassword_Start:KerbSetPassword { }; [Dynamic, Description("Kerberos Set Password") : amended, EventType(2), EventTypeName("End"), locale("MS\\0x409") ] class KerbSetPassword_End:KerbSetPassword { [WmiDataId(1), Description("Status") : amended, format("x"), read] uint32 Status; [WmiDataId(2), Description("Account Name") : amended, StringTermination("Counted"), format("w"), read] string AccountName; [WmiDataId(3), Description("Account Realm") : amended, StringTermination("Counted"), format("w"), read] string AccountRealm; [WmiDataId(4), Description("Client Name") : amended, StringTermination("Counted"), format("w"), read] string ClientName; [WmiDataId(5), Description("Client Realm") : amended, StringTermination("Counted"), format("w"), read] string ClientRealm; [WmiDataId(6), Description("KDC Address") : amended, StringTermination("Counted"), format("w"), read] string KdcAddress; }; [Dynamic, Description("Kerberos Change Password") : amended, Guid("{c55e606b-334a-488b-b907-384abaa97b04}"), DisplayName("KerbChangePassword"), locale("MS\\0x409") ] class KerbChangePassword:MSKerbTrace { }; [Dynamic, Description("Kerberos Change Password") : amended, EventType(1), EventTypeName("Start"), locale("MS\\0x409") ] class KerbChangePassword_Start:KerbChangePassword { }; [Dynamic, Description("Kerberos Change Password") : amended, EventType(2), EventTypeName("End"), locale("MS\\0x409") ] class KerbChangePassword_End:KerbChangePassword { [WmiDataId(1), Description("Status") : amended, format("x"), read] uint32 Status; [WmiDataId(2), Description("Account Name") : amended, StringTermination("Counted"), format("w"), read] string AccountName; [WmiDataId(3), Description("Account Realm") : amended, StringTermination("Counted"), format("w"), read] string DomainName; };