Constrained Delegation (using Kerberos) for a Service to be trusted for Delegation

  • Question

  • In the POC we are trying, a Service impersonates a user in order to be able to access a file on file system.

    The POC is from link

    We have been trying constrained delegation as per the link

    We were able to achieve impersonation if the service is trusted for delegation in the domain controller and the service runs under the “Local System” account. When we try to run the service as a WinAD user, it isn't able to impersonate.

    We have followed the steps mentioned in the link

    Some of the things we came across about the configuration are:

    • The Domain Functional level to be more than Windows Server 2003 Also

    • Providing SeTcbPrivilege
    • To set SPN

    • Making the user part of Pre-Windows 2000 Compatible

    • Moved by Shu 2017 Tuesday, February 3, 2015 6:51 AM
    Friday, January 30, 2015 10:13 AM


All replies