Active Directory Computer Delegation tab

When a computer is trusted for delegation, any service running on the local system can request services from other servers on behalf of the user.

The Delegation tab contains the following settings and controls:
  • Do not trust this computer for delegation – specifies that no delegation is allowed on any of the computer’s services
  • Trust this computer for delegation to any service (Kerberos only) – specifies that delegation of services on this computer is allowed only with Kerberos authentication
  • Trust this computer for delegation to specified services only – specifies that only certain services are allowed to be delegated, depending on the type of authentication protocol chosen
  • The tab also displays a list of services to which the account can present credentials
  • Expanded – lists all SPNs (service principal names) that are associated with the service that you chose for delegation
  • The Add and Remove buttons can be used to add services to the list or remove them from it
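
For auditing, the three options above can be read back from a computer object's attributes instead of opening each Delegation tab. The following is an added example, not part of the original post: it classifies objects from the `userAccountControl` flags and the `msDS-AllowedToDelegateTo` attribute. The function name and the sample records are hypothetical, constructed so the script runs without a domain.

```powershell
# Added example: map directory attributes to the Delegation tab options.
# userAccountControl bits as documented by Microsoft.
$TRUSTED_FOR_DELEGATION         = 0x80000    # delegation to any service (Kerberos only)
$TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # specified services, any authentication protocol

function Get-DelegationSetting {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)] $Computer)
    process {
        $uac  = [int]$Computer.userAccountControl
        # SPNs the account may present credentials to (empty when none are listed)
        $spns = @($Computer.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

        if ($uac -band $TRUSTED_FOR_DELEGATION) {
            $setting = 'Any service (Kerberos only)'
        } elseif ($spns.Count -gt 0) {
            if ($uac -band $TRUSTED_TO_AUTH_FOR_DELEGATION) {
                $setting = 'Specified services only (any authentication protocol)'
            } else {
                $setting = 'Specified services only (Kerberos only)'
            }
        } else {
            $setting = 'Do not trust for delegation'
        }

        [pscustomobject]@{
            Name     = $Computer.Name
            Setting  = $setting
            Services = $spns -join '; '
        }
    }
}

# Constructed sample records; 0x1000 is WORKSTATION_TRUST_ACCOUNT.
$sample = @(
    [pscustomobject]@{ Name = 'WS01';  userAccountControl = 0x1000;    'msDS-AllowedToDelegateTo' = @() }
    [pscustomobject]@{ Name = 'APP01'; userAccountControl = 0x81000;   'msDS-AllowedToDelegateTo' = @() }
    [pscustomobject]@{ Name = 'WEB01'; userAccountControl = 0x1000;    'msDS-AllowedToDelegateTo' = @('MSSQLSvc/sql01.example.test:1433') }
    [pscustomobject]@{ Name = 'WEB02'; userAccountControl = 0x1001000; 'msDS-AllowedToDelegateTo' = @('HTTP/intranet.example.test') }
)
$sample | Get-DelegationSetting | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADComputer -Filter * -Properties userAccountControl, 'msDS-AllowedToDelegateTo' |
#     Get-DelegationSetting | Where-Object Setting -ne 'Do not trust for delegation'
```

Computers reported as "Any service (Kerberos only)" deserve the closest review, since that setting places no limit on which services the computer can reach on a user's behalf. Domain controllers carry it by default.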