subject:"RE\: \[ActiveDir\] Trust Computer for delegation"

RE: [ActiveDir] Trust Computer for delegation

2004-10-08 Thread AD

hanks Y From: Grillenmeier, GuidoSent: Thu 07/10/2004 6:26 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Trust Computer for delegation if you have Win2000, you'll be opening security holes since basically any service could leverage tokens from other users connecting to it to do whatever i

RE: [ActiveDir] Trust Computer for delegation

2004-10-07 Thread Grillenmeier, Guido

if you have Win2000, you'll be opening security holes since basically any service could leverage tokens from other users connecting to it to do whatever it likes as the user that's why in 2003, constrained delegation was added, so you can configure it for just a specific service... /Guido