Contact info for Tech Philly
Home  •  Contact  •  Services  •  Support

  login:        
  password:  
            Tech Solutions
     

PC Upgrades Upgrades
Data Recovery Data Recovery
Computer Repair, Maintenance, and update Maintenance
Security From Viruses, Hackers, and Spyware Security
Network Solutions Networks
Website Search Engine Optimization Google Rank Increase Websites
Computer Repair Philadelphia Gateway Compaq Custom Systems

  • Location Service
  • 24/7 Help
 
 

Philadelphia Computer Tech Support
 
01 - 02 - 03 - 04 - 05 - 06 - 07 - 08 - 09 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 -

Kerberos Policy
Policy for Kerberos in Windows 2000 is set at the domain level. As a matter of fact, Microsoft uses the word
“domain” instead of “realm” when referring to Kerberos policy. Kerberos policy is stored within Active
Directory, and only members of the Domain Admins group are allowed to change the policy. Figure 3.10
shows the options available in the Kerberos policy for the domain. The default settings are the default for
Windows 2000 Server beta 3.
Figure 3.10 This is the default Kerberos Domain Policy.
The settings included in the Kerberos Domain Policy are:
• Enforce user logon restrictions
• Maximum lifetime that a user ticket can be renewed
• Maximum service ticket lifetime
• Maximum tolerance for synchronization of computer clocks
• Maximum user ticket lifetime
Enforce user logon restrictions is enabled by default and is used to validate every request for session tickets
by making sure that the client has the correct user rights for logging on the destination server. This setting
can be disabled; it takes extra time to perform and may slow down network performance.
The maximum lifetime that a ticket can be renewed setting is set in days. A reasonable setting is seven days
for this attribute.
The maximum service ticket lifetime is set in minutes. Do not let the term “service ticket” confuse you; it is
just the name Microsoft decided to use for session tickets. The setting for the lifetime of the service ticket
cannot be more than the time specified in the maximum user ticket lifetime or less than ten minutes. A
reasonable setting for this option is to make it the same as the maximum user ticket lifetime.
The maximum tolerance for synchronization of computer clocks setting determines how much difference in
the clocks is tolerated. This setting is in minutes, and five minutes is a reasonable setting.
The maximum user ticket lifetime is set in hours. Microsoft has decided to use the term “user ticket,” but in
Kerberos terms it is a TGT. A reasonable setting is 10 hours for this attribute.
It is easy to change an attribute by double-clicking the attribute and changing the setting, as shown in Figure
3.11.
Figure 3.11 This is the way to change the setting for the maximum lifetime that a user ticket can be renewed
attribute.
01 - 02 - 03 - 04 - 05 - 06 - 07 - 08 - 09 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 -

 
 
 
 
  Home Contact Data Recovery Search Engine Web Design/Hosting Networks

Serving the Philadelphia area with the best in tech service and support. 		     
  Related Info:
-Microsoft Bing's Search Share Climbs Again (PC Magazine via Yahoo! News)
ComScore released its search engine traffic results for February and once again it's good news for Microsoft--once again at the expense of Yahoo.
-Google Apps Store Challenges Microsoft (TheStreet.com)
Google opens up another front in its war against Microsoft by launching a new online store for business apps.
-Sun fended off Apple Microsoft IP lawsuit threats (CNET)
Steve Jobs personally threatened to sue Sun Microsystems Jonathan Schwartz says. Sun warded off that and a Microsoft threat with its own patent portfolio.
-Expert Guidance for New Microsoft Security Bulletins (PC World via Yahoo! News)
As predicted last week in the Microsoft Security Bulletin Advance Notification for March 2010 Microsoft released two new security bulletins today for the March 2010 Patch Tuesday. The two security bulletins bring the total number of security bulletins for 2010 up to 17.
-Microsoft needs browser comeback from Internet Explorer 9 (TechWorld)
Rival browsers continue to eat up web market Microsoft is expected to share details about Internet Explorer 9 at its upcoming MIX10 conference and industry watchers say the forthcoming release could help the software giant put part of its embattled browser past behind it.
-Microsoft warns of zero-day IE hole (TechWorld)
Attacks under way on Patch Tuesday Microsoft warned of a critical vulnerability in Internet Explorer that is already being exploited by hackers the second such admission in the last two months.
-Microsoft patches Excel security hole (TechWorld)
Spreadsheet hacks foiled Following a heavy patch month in February Microsoft announced a lighter load of security bulletins for its users but security experts say the potential impact is considerable if vulnerabilities aren't addressed.
-Excel Movie Maker Flaws Fixed by Microsoft (PC World via Yahoo! News)
In a relatively light Patch Tuesday Microsoft closed holes that could allow a poisoned Excel or Movie Maker file to install malware on a vulnerable PC. However a new flaw involving VBScript and Windows Help files that can be targeted through Internet Explorer remains unfixed.
-Microsoft to XP users: don’t press F1 (KIVI Boise)
Microsoft has issued a security advisory for Windows 2000 Windows XP and Windows Server 2003 that just pressing the F1 key could enable attackers to take over the machine.
-Microsoft rolls out new MSN site design (AP via Yahoo! News)
Microsoft is rolling out the new design for its MSN Web portal in the U.S.
Updated 691 minutes ago.

Tech Philly Custom Systems Data Recovery Emergency Service Maintenance Network Service Onsite Service Repair Security Software Spyware Upgrades Viruses Website Design Website Hosting Wireless Computer