Enabling Kerberos Armoring for Domain Controllers

The next step is to configure the domain controllers to include DAC information in the Kerberos authentication tickets that are granted to users for data access and authorization. DAC is built on Kerberos authentication and authorization, and it will not function if an organization’s Active Directory infrastructure relies on third-party Kerberos realm trusts or NTLM as the primary authentication and authorization system. Enabling DAC functionality for Kerberos, known as Kerberos armoring, requires this change on all of the organization’s domain controllers.

This change will be applied to all domain controllers by creating a new GPO and linking it to the domain controllers ...
