?
Solved

Domain Controller and Trusted for Delegation

Posted on 2016-07-23
2
Medium Priority
?
56 Views
Last Modified: 2016-07-24
I like to go back now and then and review how Kerbose and Delegation work to make sure I am understanding everything correctly.

I see my DC's minus my RODC are trusted for Delegation for any Kerbose service. My understand is when delegation is set on on computer object any service running as Local Service can delegate access to other services running on the server which could be a security issue correct???

Now for DC's delegation is needed to support how the ticket exchange process work correct???
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 23

Accepted Solution

by:
Patrick Bogers earned 2000 total points
ID: 41726004
Hi

delegation is set on on computer object any service running as Local Service can delegate access to other services running on the server which could be a security issue correct???

No it is not, domain controllers need more delegates like syncing DNS, AD, many more and yes also Kerberos tickets.

When you, e.g., hand out delegates between Hyper Visors then you would select specific services just to handle virtualisation but domain controllers need all.

Cheers
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41726566
Great feedback.. do you know of any good articles that take about DC and delegation specifically?
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question