Hello,
I have 4 computers. Say XP1 (client), DC1 (domain controller), FS1 (file
server) and CA1 (certificate authority). I need to enable XP1 users (domain
accounts) to access EFS encrypted files on FS1. This requires a delegation
to be configured for FS1 (they will be generating new keys).
This works for me if I configure it for just UNconstrained delegation. But
what exactly should I configure in this scenario to work with constrained
delegation?
Currently, I have the following constrained delegation configured for FS1,
but it is not sufficient to enable the users/FS1 to obtain new certificates
from CA1:
fs1: can delegate to CIFS/DC1
fs1: can delegate to LDAP/DC1
fs1: can delegate to ProtectedStorage/DC1
fs1: can delegate to GC/DC1
fs1: can delegate to RPCSS/CA1
fs1: can delegate to HOST/CA1
So which service in addition should I enable to be delegated to?
ondrej.