• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 86
  • Last Modified:

Domain Controller and Trusted for Delegation

I like to go back now and then and review how Kerbose and Delegation work to make sure I am understanding everything correctly.

I see my DC's minus my RODC are trusted for Delegation for any Kerbose service. My understand is when delegation is set on on computer object any service running as Local Service can delegate access to other services running on the server which could be a security issue correct???

Now for DC's delegation is needed to support how the ticket exchange process work correct???
0
compdigit44
Asked:
compdigit44
1 Solution
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Hi

delegation is set on on computer object any service running as Local Service can delegate access to other services running on the server which could be a security issue correct???

No it is not, domain controllers need more delegates like syncing DNS, AD, many more and yes also Kerberos tickets.

When you, e.g., hand out delegates between Hyper Visors then you would select specific services just to handle virtualisation but domain controllers need all.

Cheers
0
 
compdigit44Author Commented:
Great feedback.. do you know of any good articles that take about DC and delegation specifically?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now