Solved

Windows 2008 R2 authentication

Posted on 2013-12-17
6
521 Views
Last Modified: 2014-01-17
Best tool to find the authentication in Windows 2008 R2 domain?.
0
Comment
Question by:sumod_jacob
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39724368
Can you please elobrate the question
If you need to know Windows 2008 R2 authetication architecture :  http://technet.microsoft.com/en-us/library/dn169016(v=ws.10).aspx

If you need to know if DC your machine is autheticated : Start >run> cmd and type set l
or just type set
set l

Open in new window

0
 

Author Comment

by:sumod_jacob
ID: 39724493
The thing is my share point development team want to have Kerberos authentication to be enabled in domain as its get more security advantages for the apps.. When I see the Domain Controller GPO "Netwrok Security:LAN Manager authentication level" not defined.. What need to be done inorder to enable Kerberos?
0
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 167 total points
ID: 39724537
2008 R2 uses Kerberos v5 by default out of the box. Developers just need to code accordingly.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 17

Assisted Solution

by:Tony Massa
Tony Massa earned 333 total points
ID: 39725484
0
 

Author Comment

by:sumod_jacob
ID: 39740112
How do I check my AD using Kerberos authentication?.
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 333 total points
ID: 39740168
You can use wireshark to "watch" the authentication or just check the security logs of any domain controller. The log entries will indicate which authentication protocol is being used for users and computers. Look for event IDs of 4624 on 2008 and higher DCs.  They will have the "authentication package" that was used.  On 2003 DCs, look for event id 540.

Kerberos has been the default protocol for many years now, and falls back to NTLM only if kerberos fails.  

SharePoint needs to be set up properly for kerberos,  the domain controllers already support it.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question