Solved

Domain Controller and Trusted for Delegation

Posted on 2016-07-23
2
47 Views
Last Modified: 2016-07-24
I like to go back now and then and review how Kerbose and Delegation work to make sure I am understanding everything correctly.

I see my DC's minus my RODC are trusted for Delegation for any Kerbose service. My understand is when delegation is set on on computer object any service running as Local Service can delegate access to other services running on the server which could be a security issue correct???

Now for DC's delegation is needed to support how the ticket exchange process work correct???
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 23

Accepted Solution

by:
Patrick Bogers earned 500 total points
ID: 41726004
Hi

delegation is set on on computer object any service running as Local Service can delegate access to other services running on the server which could be a security issue correct???

No it is not, domain controllers need more delegates like syncing DNS, AD, many more and yes also Kerberos tickets.

When you, e.g., hand out delegates between Hyper Visors then you would select specific services just to handle virtualisation but domain controllers need all.

Cheers
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41726566
Great feedback.. do you know of any good articles that take about DC and delegation specifically?
0

Featured Post

Office 365 Advanced Training for Admins

Special Offer:  Buy 1 course, get 2nd free!  Buy the 'Managing Office 365 Identities & Requirements' course w/ Accelerated TestPrep, and automatically receive the 'Enabling Office 365 Services' course FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question