Solved

Domain Controller and Trusted for Delegation

Posted on 2016-07-23
2
51 Views
Last Modified: 2016-07-24
I like to go back now and then and review how Kerbose and Delegation work to make sure I am understanding everything correctly.

I see my DC's minus my RODC are trusted for Delegation for any Kerbose service. My understand is when delegation is set on on computer object any service running as Local Service can delegate access to other services running on the server which could be a security issue correct???

Now for DC's delegation is needed to support how the ticket exchange process work correct???
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 23

Accepted Solution

by:
Patrick Bogers earned 500 total points
ID: 41726004
Hi

delegation is set on on computer object any service running as Local Service can delegate access to other services running on the server which could be a security issue correct???

No it is not, domain controllers need more delegates like syncing DNS, AD, many more and yes also Kerberos tickets.

When you, e.g., hand out delegates between Hyper Visors then you would select specific services just to handle virtualisation but domain controllers need all.

Cheers
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41726566
Great feedback.. do you know of any good articles that take about DC and delegation specifically?
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question