|
Posted by =?Utf-8?B?c3R1ZHk=?= on June 25, 2008, 8:28 pm
If you were Registered and logged in, you could reply and use other advanced thread options
domain) as well...
"Steve Riley [MSFT]" wrote:
> The reversible encryption setting has nothing to do with Kerberos. You can
> keep your domain policy at the default and enable per-user reversible
> encryption on individual accounts.
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> > Thanks. Some legacy application needs it...
> > Since kerberos settings ex) Maximum lifetime for service ticket, Maximum
> > lifetime for user ticket renewal, and Maximum tolerance for computer clock
> > synchronization are part of the account policy, there can only be one
> > kerberos settings per domain right (usually set at the default domain
> > policy)?
> >
> >
> > "Steve Riley [MSFT]" wrote:
> >
> >> Yes, you can enable this on a per-user basis as you describe.
> >>
> >> What requires you to do this? Just curious...
> >>
> >>
> >> --
> >> Steve Riley
> >> steve.riley@microsoft.com
> >> http://blogs.technet.com/steriley
> >> http://www.protectyourwindowsnetwork.com
> >>
> >>
> >>
> >> > The default domain policy's password policy has "enable reversible
> >> > encrypted
> >> > password" disabled and since there can be only one account policy per
> >> > domain,
> >> > this one takes precedence right?
> >> >
> >> > I found this though "To enable reversibly encrypted passwords for a
> >> > specific
> >> > user you can modify their User Properties -> Account options -> enable
> >> > Store
> >> > Password using Reversible Encryption. You must then reset their
> >> > password."
> >> > Does this work? I thought that the defaul domain policy's password
> >> > policy
> >> > always takes precedence and will win if there's a conflict with another
> >> > setting such as this.
> >> >
> >> > Thanks.
> >>
| 
XML site map