Active Directory Computer Delegation
The general tab
When a computer is trusted for delegation it means that any services running on the local system can request services from other servers on behalf of the user.
- Do not trust this computer for delegation – specifies that no delegation is allowed on any of the computer’s services
- Trust this computer for delegation to any service(Kerberos only)- specifies that delegation of services on this computer is allowed only with Kerberos authentication
- Trust this computer for delegation to specified services only – specifies that only certain services are allowed to be delegated depending on the type of authentication protocol chosen
- The tab also displays a list of services to which the account can present credentials
- Expanded – lists all SPNs (service principal) names that are associated with the service that you chose for delegation
- The add and remove buttons can be used to add or remove Services from the list respectively
Related Articles
Active Directory Computer Delegation tab
The general tab When a computer is trusted for delegation it means that any services running on the local system can request services from other servers on behalf of the user. Do not trust this computer for delegation – specifies that no delegation ...Active Directory Computer
Real-world entities like Active Directory computers are fundamentally represented as objects. This video walks through Active Directory computer objects and will also give you a brief insight of its common and important attributes. Active Directory Computer Objects Management
A computer object in AD is used to model a real computer in an organizational network environment. Say for example, I bought a new computer machine -01 in my organization, and want to allow people to access various organizational resources through ...Active Directory Delegation: It Does Not Need to Be Hard!
In the final days of Windows NT, the lack of delegation features built into the product made administrators switch to Active Directory. It provided a simple method to delegate tasks to members with the help of the Delegate Control Wizard. This gave ...Active Directory Computer Objects Tabs
The general tab Some properties are assigned to a computer automatically once it’s joined to a domain, such as DNS name, Computer name, and Role etc. Even the administrator himself cannot change these properties. In the description box you can add a ...