RE: Kerberos policy on Windows 2000 domain controllers

From: Bobby McMillan [MSFT] (robertmc_at_online.microsoft.com)
Date: 12/29/03

Next message: maroc: "remove browsing to c: from users"
Previous message: Bobby McMillan [MSFT]: "RE: SBS server"
In reply to: Raj: "Kerberos policy on Windows 2000 domain controllers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 29 Dec 2003 10:57:52 GMT

Raj,

The Kerberos policies need to be the same throughout the domain therefore
they are set at the domain level.

>From 232179 Kerberos Administration in Windows 2000
http://support.microsoft.com/?id=232179

----cut----

Kerberos Policy Settings
------------------------

In Windows 2000, the Kerberos policy is defined at the domain level and
implemented by the domain's Key Distribution Center (KDC). The Kerberos
policy is stored in Active Directory as a subset of the attributes of the
domain security policy. By default, policy options can be set only by
members of the Domain Administrators group.

---cut---

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Raj" <anonymous@discussions.microsoft.com>
| Sender: "Raj" <anonymous@discussions.microsoft.com>
| Subject: Kerberos policy on Windows 2000 domain controllers
| Date: Mon, 29 Dec 2003 00:27:09 -0800
|
|
| Can someone please let me know why the kerberos policy
| option is not available in Active directory under Computer
| configuration ---> Windows settings --> Security settings -
| -> Account policies for the Default domain controller
| group policy created for Windows 2000 domain controllers.
| The kerberos policy option is available under the security
| settings for the Windows 2000 domain. Can someone please
| let me know how to activate the kerberos policy option for
| domain controllers.
|
| Many thanks.
|

Next message: maroc: "remove browsing to c: from users"
Previous message: Bobby McMillan [MSFT]: "RE: SBS server"
In reply to: Raj: "Kerberos policy on Windows 2000 domain controllers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Kerberos policy on Windows 2000 domain controllers
... group policy created for Windows 2000 domain controllers. ... The kerberos policy option is available under the security ...
(microsoft.public.win2000.security)
Kerberos Ticket Renewal Problem
... I have tried setting this in the Domain Security Policy for Kerberos Policy ... (Max lifetime for service and user ticket), ... SP2) shows that the lifetime is 10 hours. ... Windows 2003 DC servers. ...
(microsoft.public.windows.server.security)
Re: Cannot Set Kerberos Policy for Domain Controller
... For both domain controllers and member servers, ... includes Account Policies for Password, Account Lockout, and Kerberos. ... Kerberos Policy is simply missing altogether. ...
(microsoft.public.windows.group_policy)