Re: "Account is trusted for delegation" is not shown



Hello Meinolf,

Thanks for your fast response. I really appreciate it.

But I tried the setspn command many times on our office's Windows 2003
server, but it always failed to add one SPN.

Is the command executed on the 2003 server?

Do you have any experience with running this command?

Thanks,
Raymond

"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb66988e78ca7dabc2b76959@xxxxxxxxxxxxxxxxxxxxxxx
Hello RaYlee,

Depends on the functional level, if you set it from a client with an older
adminpak on 2000 pro, you can still enable it. On the 2003 ADUC then you
have an additional tab called DELEGATION on the user properties.

Or you can enable the DELEGATION tab yourself for the user if needed on
2003 ADUC:
http://technet2.microsoft.com/windowsserver/en/library/bef202b0-c8e9-4999-9af7-f56b991a4fd41033.mspx?mfr=true

If you cannot see the Delegation tab, do one or both of the following:
Register a Service Principal Name (SPN) for the user account with the
Setspn utility in the support tools on your CD. Delegation is only
intended to be used by service accounts, which should have registered
SPNs, as opposed to a regular user account which typically does not have
SPNs.

Also see here:
http://technet2.microsoft.com/windowsserver/en/library/dac7ecea-7c82-43c0-847b-3a1a81454cfe1033.mspx?mfr=true

http://technet2.microsoft.com/windowsserver/en/library/bef202b0-c8e9-4999-9af7-f56b991a4fd41033.mspx?mfr=true

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

My god... I figured out what's happening.

It should be caused by raising the functional level to Windows 2003. I
found that my testing PC at home is using the Windows 2000 functional
level. After I raised it to Windows 2003, "Account is trusted for
delegation" disappeared from the option list.
What should I do now?? As those installation guides require setting this
option, if it disappears, where can I proceed?
Please advise...

Raymond

"RaYlee" <pplcm@xxxxxxx> wrote in message
news:Ob4xQ23rIHA.4376@xxxxxxxxxxxxxxxxxxxxxxx

Hi all,

This is the first time I have posted a question here... glad to have this
newsgroup for seeking help.

I encountered a problem in setting a property for a domain account.

I need to enable an account option for a user, "Account is trusted for
delegation", in the user's properties under Active Directory. However,
this option is not available in Active Directory Users and Computers
on the office computer. When I got back home and turned on my testing PC,
I found that this option is shown on the form.
I really don't understand what is missing in our office's Windows
2003 server configuration?

Please kindly help.

Thanks in advance,
Raymond
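
Added example, not part of the thread and not Microsoft's tooling: a minimal Python audit of an LDIF-style export that reports, per account, whether an SPN is registered (the condition the reply above gives for the Delegation tab) and which delegation bits are set in userAccountControl. The account names, domain and LDIF records are constructed; the bit values are the documented userAccountControl flags.

```python
# Added example: audit delegation settings from an LDIF-style export.
# Bit values are the documented Active Directory userAccountControl flags.
TRUSTED_FOR_DELEGATION = 0x80000            # "Account is trusted for delegation"
NOT_DELEGATED = 0x100000                    # "Account is sensitive and cannot be delegated"
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # delegation with protocol transition

# Constructed sample records; names and values are made up for illustration.
SAMPLE_LDIF = """\
dn: CN=svc-web,OU=Service,DC=example,DC=test
sAMAccountName: svc-web
userAccountControl: 524800
servicePrincipalName: HTTP/web01.example.test
servicePrincipalName: HTTP/web01

dn: CN=raymond,OU=Staff,DC=example,DC=test
sAMAccountName: raymond
userAccountControl: 512

dn: CN=admin2,OU=Staff,DC=example,DC=test
sAMAccountName: admin2
userAccountControl: 1049088
"""

def parse_ldif(text):
    """Yield one dict (attribute -> list of values) per blank-line-separated record."""
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        record = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # comments, folded or base64 lines: not handled by this minimal parser
            key, value = line.split(": ", 1)
            record.setdefault(key, []).append(value.strip())
        if record:
            yield record

def audit(text):
    """Return {sAMAccountName: findings} for delegation-related settings."""
    report = {}
    for rec in parse_ldif(text):
        uac = int(rec.get("userAccountControl", ["0"])[0])
        spns = rec.get("servicePrincipalName", [])
        trusted = bool(uac & TRUSTED_FOR_DELEGATION)
        report[rec["sAMAccountName"][0]] = {
            "has_spn": bool(spns),  # no SPN: the thread's reason for a missing Delegation tab
            "trusted_for_delegation": trusted,
            "protocol_transition": bool(uac & TRUSTED_TO_AUTH_FOR_DELEGATION),
            "cannot_be_delegated": bool(uac & NOT_DELEGATED),
            "review": trusted and not spns,  # delegation trust on an account with no SPN
        }
    return report
```

Calling `audit()` on a real export gives a quick list of which accounts carry a delegation trust and which have no SPN registered.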



