Identity & Access Flashcards

1
Q

Kerberos Constrained Delegation (KCD)

A

Kerberos constrained delegation is a feature that was introduced in Microsoft Windows Server® 2003 and is provided by two new extensions included in the implementation of the Kerberos V5 authentication protocol in Windows Server 2003:

Protocol transition: The protocol transition extension allows a service that uses Kerberos to obtain a Kerberos service ticket to itself on behalf of a Kerberos security principal (a user or a computer) without requiring the principal to initially authenticate to the KDC. Instead, a user sending a request to a service with credentials, such as an SSL client certificate, that are not acceptable for Kerberos authentication can be authenticated by any appropriate Windows authentication method. When authentication is completed, Windows creates a user token. Then, if the service has the necessary impersonation privileges in Windows, when the service uses this token to impersonate the user and request a Kerberos service ticket to another service, the service ticket issued, which is to the requesting service, is mapped to the user token. The service may use the service ticket obtained through protocol transition to obtain service tickets to other services and thereby delegate the credentials if the account under which the service is running is configured correctly to use the Kerberos constrained delegation extension.

Constrained delegation: The constrained delegation extension allows a service to obtain service tickets (under the delegated user’s identity) to a restricted list of other services running on specific servers on the network after it has been presented with a service ticket, which may be a service ticket obtained through protocol transition.

2
Q

regsvr32 schmmgmt.dll

A

The extension or the modification of the Active Directory schema requires write access to the schema. This is enabled by means of the “Schema Update Allowed” registry key. Schema updates may be enabled by means of the Schema Management Console, or directly in the registry. The schema updates can only be enabled on the domain controller that holds the schema master role.

3
Q

Knowledge Consistency Checker (KCC)

A

rep

4
Q

Key Distribution Center (KDC)

A

rep

5
Q

Managed Service Account (MSA)

A
6
Q

group Managed Service Account (gMSA)

A