Re: RODC 2008 account and delegation

---

• From: "Ondrej Sevecek" <ondra at sevecek.com>
• Date: Fri, 18 Apr 2008 05:51:52 +0200

---

thank you, but I think, I do not understand your meaning well.

My problem is that the RODC is actually "trusted for delegation to any service without even specifying which one". Is it true?

ondra.


"Faisal [MSFT]" <faisal.hussain@xxxxxxxxxxxxxxxxxxxx> wrote in message news:72657F43-D0CD-4217-B387-CE47EA5C95DC@xxxxxxxxxxxxxxxx

so that you can add the account you want. have more detail here:
http://blogs.technet.com/askds/archive/2008/02/15/read-only-domain-controllers-and-account-lockouts.aspx

HTH

"Ondrej Sevecek" <ondra at sevecek.com> wrote in message news:e#O47#FoIHA.4760@xxxxxxxxxxxxxxxxxxxxxxx

Hello,

RODC account is automatically enabled to "be trusted for delegation to any authentication protocol". But the list is empty.

What does this mean exactly? I understand the "any" which means S4U, but what does the EMPTY list mean?

Does it mean, that it is trusted even for ANY service?

ondra.

.

---

• References:
  • RODC 2008 account and delegation
    • From: Ondrej Sevecek
  • Re: RODC 2008 account and delegation
    • From: Faisal [MSFT]

• Prev by Date: Re: RODC 2008 account and delegation
• Next by Date: Re: Hacked 2003 SBS Server - temp fix required
• Previous by thread: Re: RODC 2008 account and delegation
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2008-04