Solved

Domain Controller and Trusted for Delegation

Posted on 2016-07-23
2
45 Views
Last Modified: 2016-07-24
I like to go back now and then and review how Kerbose and Delegation work to make sure I am understanding everything correctly.

I see my DC's minus my RODC are trusted for Delegation for any Kerbose service. My understand is when delegation is set on on computer object any service running as Local Service can delegate access to other services running on the server which could be a security issue correct???

Now for DC's delegation is needed to support how the ticket exchange process work correct???
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 22

Accepted Solution

by:
Patrick Bogers earned 500 total points
ID: 41726004
Hi

delegation is set on on computer object any service running as Local Service can delegate access to other services running on the server which could be a security issue correct???

No it is not, domain controllers need more delegates like syncing DNS, AD, many more and yes also Kerberos tickets.

When you, e.g., hand out delegates between Hyper Visors then you would select specific services just to handle virtualisation but domain controllers need all.

Cheers
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41726566
Great feedback.. do you know of any good articles that take about DC and delegation specifically?
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question