
RODC 2008 account and delegation

Posted by Ondrej Sevecek on April 17, 2008, 3:50 am
Hello,

RODC account is automatically enabled to "be trusted for delegation to any
authentication protocol". But the list is empty.

What does this mean exactly? I understand the "any" which means S4U, but
what does the EMPTY list mean?

Does it mean that it is trusted even for ANY service?

ondra.


Posted by Faisal [MSFT] on April 17, 2008, 10:19 am
So that you can add the account you want. Have more detail here:
http://blogs.technet.com/askds/archive/2008/02/15/read-only-domain-controllers-and-account-lockouts.aspx

HTH

"Ondrej Sevecek" <ondra at sevecek.com> wrote in message
> Hello,
>
> RODC account is automatically enabled to "be trusted for delegation to any
> authentication protocol". But the list is empty.
>
> What does this mean exactly? I understand the "any" which means S4U, but
> what does the EMPTY list mean?
>
> Does it mean, that it is trusted even for ANY service?
>
> ondra.
>

Posted by Ondrej Sevecek on April 17, 2008, 11:51 pm
Thank you, but I think I do not understand your meaning well.

My problem is that the RODC is actually "trusted for delegation to any
service without even specifying which one". Is it true?

ondra.


> so that you can add the account you want. have more detail here:
> http://blogs.technet.com/askds/archive/2008/02/15/read-only-domain-controllers-and-account-lockouts.aspx
>
> HTH
>
> "Ondrej Sevecek" <ondra at sevecek.com> wrote in message
>> Hello,
>>
>> RODC account is automatically enabled to "be trusted for delegation to
>> any authentication protocol". But the list is empty.
>>
>> What does this mean exactly? I understand the "any" which means S4U, but
>> what does the EMPTY list mean?
>>
>> Does it mean, that it is trusted even for ANY service?
>>
>> ondra.
>>

