Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: [ActiveDir] "Use Kerberos DES encryption types for this account", CBT and win2k8 R2 DCs
Prev Next
You are not authorized to post a reply.

AuthorMessages
AlRoseUser is Offline

Posts:44

04/20/2010 9:26 AM  
Hi,
Looking at Secure default settings in Windows 2k8, i can see the following


Encryption type or policy

Windows Server 2008 default

Windows Server 2008 R2 default

Comment

AllowNT4Crypto

Disabled

Disabled

Third-party Server Message Block (SMB) clients may be incompatible with the
secure default settings on Windows Server 2008 and Windows Server 2008 R2
domain controllers. In all cases, these settings can be relaxed to allow
interoperability at the expense of security. For more information, see article
942564 <http://go.microsoft.com/fwlink/?LinkId=164558> in the Microsoft
Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=164558).

DES

Enabled

Disabled

Article 977321 <http://go.microsoft.com/fwlink/?LinkId=177717> in the
Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=177717)

CBT/Extended Protection for Integrated Authentication

N/A

Enabled

See Microsoft Security Advisory
(937811)<http://go.microsoft.com/fwlink/?LinkId=164559>(
http://go.microsoft.com/fwlink/?LinkId=164559) and article
976918<http://go.microsoft.com/fwlink/?LinkId=178251>in the Microsoft
Knowledge Base (
http://go.microsoft.com/fwlink/?LinkId=178251).

LMv2

Enabled

Disabled

Article 976918 <http://go.microsoft.com/fwlink/?LinkId=178251> in the
Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=178251)



Referring to this KB article http://support.microsoft.com/kb/977321 i would
like to determine quickly if any account in my domain are set to "Use
Kerberos DES encryption types for this account" in the Account options in
dsa.msc

Is there any query i can make to get these information?


Secondly, anyone been dealing with CBT issues as refereed to this article
http://support.microsoft.com/kb/976918 while working with w2k8 DCs and Win7
clients, it seems there is a know bug with Java that requires suppressing
extended protection.

Thank you

You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] "Use Kerberos DES encryption types for this account", CBT and win2k8 R2 DCs



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:MrPTSai
New TodayNew Today:0
New YesterdayNew Yesterday:0
User CountOverall:5234
People OnlinePeople Online:
VisitorsVisitors:40
MembersMembers:0
TotalTotal:40
Online NowOnline Now:

Ads

Copyright 2009 ActiveDir.org
Terms Of Use