Contact info for Tech Philly
Home  •  Contact  •  Services  •  Support

            Tech Solutions

PC Upgrades Upgrades
Data Recovery Data Recovery
Computer Repair, Maintenance, and update Maintenance
Security From Viruses, Hackers, and Spyware Security
Network Solutions Networks
Website Search Engine Optimization Google Rank Increase Websites
Computer Repair Philadelphia Gateway Compaq Custom Systems

  • Location Service
  • 24/7 Help

Philadelphia Computer Tech Support
01 - 02 - 03 - 04 - 05 - 06 - 07 - 08 - 09 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 -

token for access to the service the client has requested to use.
Q: Do I need to manually create the Kerberos settings for my Windows 2000 domain?
A: Windows 2000 Server ships with a default domain policy that includes reasonable settings for the
Kerberos Policy. The only reason to change from the default settings is if the requirements for your
organization differ from the default value settings.
Q: Can my Windows 9x clients authenticate using Kerberos?
A: No, Microsoft is not releasing a Kerberos add-on for Windows 9x. Windows 9x clients can only
authenticate using the NTLM authentication protocol. To enhance the security of Windows 2000
domains, Microsoft recommends that you upgrade all clients to Windows 2000 so that the more secure
Kerberos authentication protocol is utilized by all systems in the domain.
Q: How does a server know that a user is authorized access to a service even though it has
authenticated their identity?
A: Microsoft Kerberos includes a Privilege Attribute Certificate in every ticket. The PAC includes the
userís SID and the SIDs for all groups of which the user is a member. The server compares this data
with the data for the Access Control List on the service to determine if access is allowed or denied. If
access is allowed, the server also determines the level of access based upon information in the ACL.
Q: How does a Windows 2000 client find a Microsoft KDC?
A: It uses DNS to locate KDCs in the domain.
Q: Why are ticket-granting tickets necessary?
A: To prove to the KDC that the clients requesting a session ticket are really who they say they are.
The KDC issues the TGT to the client when it first logs on the domain.
Q: How can Windows 2000 be configured to use forwardable tickets?
A: By default, members of the Domain Admins group can forward tickets. For other users, it has to be
configured individually.
01 - 02 - 03 - 04 - 05 - 06 - 07 - 08 - 09 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 -

  Home Contact Data Recovery Search Engine Web Design/Hosting Networks

Serving the Philadelphia area with the best in tech service and support.

Tech Philly Custom Systems Data Recovery Emergency Service Maintenance Network Service Onsite Service Repair Security Software Spyware Upgrades Viruses Website Design Website Hosting Wireless Computer