In your video 64 about Kerberos Policy Settings, at 7:43, I can see that your "KerbTicket Encryption Type" shown by klist (AES-256-CTS-HMAC-SHA1-96) is much stronger than the default on a newly upgraded W2K22 DC, which has "KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)". It would be nice to have a video from you about this subject and when and how to strengthen this. I assume the low value on the DC I have seen is for some compatibility with older Windows versions. But if the domain does not have anything older than Windows 10, what is the best value and how do we admins change it? 🙂
@batista98854 4 months ago
Awesome, one quick question please. What is the maximum number of tokens that can be issued by Kerberos?
@MSFTWebCast 4 months ago
I think it's up to 65535. But still I need to check this information for Windows Server 2022.
@DrissZarhouni-t6x 7 months ago
Welcome back, I love you so much ❤
@ierosgr 7 months ago
Does Kerberos work along with NTLM, or do you have to disable NTLM in order to enforce Kerberos? As it seems, it is already enabled and the admin doesn't have to do much, if anything at all, even with the default values.
@MSFTWebCast 7 months ago
NTLM is an older authentication protocol. Still, we are using both protocols in AD. If for any reason Kerberos fails, NTLM will be used for authentication instead.
@ierosgr 7 months ago
How to check which one is currently being used? Is there a way to define the priority between the two?