Windows 10: Kerberos settings not found











up vote
1
down vote

favorite












In our company, we want to configure our Windows-based infrastructure compliant to the IASE SCAP specifications, e.g., the Microsoft Windows Server 2016 STIG Benchmark.
In this document, there is the rule that Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Account Policies >> Kerberos Policy >> Enforce user logon restrictions should be Enabled.



I've searched for this settings in Windows Server 2016, Windows 10 Education, Windows 10 Enterprise, and Windows 10 Pro and it was nowhere visible ....



enter image description here



What do I have to activate or enable to see the Kerberos Policies?










share|improve this question




























    up vote
    1
    down vote

    favorite












    In our company, we want to configure our Windows-based infrastructure compliant to the IASE SCAP specifications, e.g., the Microsoft Windows Server 2016 STIG Benchmark.
    In this document, there is the rule that Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Account Policies >> Kerberos Policy >> Enforce user logon restrictions should be Enabled.



    I've searched for this settings in Windows Server 2016, Windows 10 Education, Windows 10 Enterprise, and Windows 10 Pro and it was nowhere visible ....



    enter image description here



    What do I have to activate or enable to see the Kerberos Policies?










    share|improve this question


























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      In our company, we want to configure our Windows-based infrastructure compliant to the IASE SCAP specifications, e.g., the Microsoft Windows Server 2016 STIG Benchmark.
      In this document, there is the rule that Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Account Policies >> Kerberos Policy >> Enforce user logon restrictions should be Enabled.



      I've searched for this settings in Windows Server 2016, Windows 10 Education, Windows 10 Enterprise, and Windows 10 Pro and it was nowhere visible ....



      enter image description here



      What do I have to activate or enable to see the Kerberos Policies?










      share|improve this question















      In our company, we want to configure our Windows-based infrastructure compliant to the IASE SCAP specifications, e.g., the Microsoft Windows Server 2016 STIG Benchmark.
      In this document, there is the rule that Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Account Policies >> Kerberos Policy >> Enforce user logon restrictions should be Enabled.



      I've searched for this settings in Windows Server 2016, Windows 10 Education, Windows 10 Enterprise, and Windows 10 Pro and it was nowhere visible ....



      enter image description here



      What do I have to activate or enable to see the Kerberos Policies?







      windows-10 windows-server-2016






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 22 at 12:12

























      asked Nov 22 at 9:23









      Patrick Stoeckle

      82




      82






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote



          accepted










          You are not seeing this policy on Windows 10, since it applies
          on a Windows Server which is also a domain controller.



          STIG Viewer
          says about it:




          This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources is not circumvented.




          Microsoft documentation is conflicting on this, but one possible interpretation
          is that the effect of this setting is to make the DC check the AD user's
          account policies such as logon hours and workstation restrictions.



          I don't really know if this policy applies on a stand-alone computer,
          and the fact that it is not to be found on Windows 10 may indicate
          that indeed it does not apply at all.






          share|improve this answer





















            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377519%2fwindows-10-kerberos-settings-not-found%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            0
            down vote



            accepted










            You are not seeing this policy on Windows 10, since it applies
            on a Windows Server which is also a domain controller.



            STIG Viewer
            says about it:




            This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources is not circumvented.




            Microsoft documentation is conflicting on this, but one possible interpretation
            is that the effect of this setting is to make the DC check the AD user's
            account policies such as logon hours and workstation restrictions.



            I don't really know if this policy applies on a stand-alone computer,
            and the fact that it is not to be found on Windows 10 may indicate
            that indeed it does not apply at all.






            share|improve this answer

























              up vote
              0
              down vote



              accepted










              You are not seeing this policy on Windows 10, since it applies
              on a Windows Server which is also a domain controller.



              STIG Viewer
              says about it:




              This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources is not circumvented.




              Microsoft documentation is conflicting on this, but one possible interpretation
              is that the effect of this setting is to make the DC check the AD user's
              account policies such as logon hours and workstation restrictions.



              I don't really know if this policy applies on a stand-alone computer,
              and the fact that it is not to be found on Windows 10 may indicate
              that indeed it does not apply at all.






              share|improve this answer























                up vote
                0
                down vote



                accepted







                up vote
                0
                down vote



                accepted






                You are not seeing this policy on Windows 10, since it applies
                on a Windows Server which is also a domain controller.



                STIG Viewer
                says about it:




                This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources is not circumvented.




                Microsoft documentation is conflicting on this, but one possible interpretation
                is that the effect of this setting is to make the DC check the AD user's
                account policies such as logon hours and workstation restrictions.



                I don't really know if this policy applies on a stand-alone computer,
                and the fact that it is not to be found on Windows 10 may indicate
                that indeed it does not apply at all.






                share|improve this answer












                You are not seeing this policy on Windows 10, since it applies
                on a Windows Server which is also a domain controller.



                STIG Viewer
                says about it:




                This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources is not circumvented.




                Microsoft documentation is conflicting on this, but one possible interpretation
                is that the effect of this setting is to make the DC check the AD user's
                account policies such as logon hours and workstation restrictions.



                I don't really know if this policy applies on a stand-alone computer,
                and the fact that it is not to be found on Windows 10 may indicate
                that indeed it does not apply at all.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 22 at 10:50









                harrymc

                249k10257550




                249k10257550






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377519%2fwindows-10-kerberos-settings-not-found%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    AnyDesk - Fatal Program Failure

                    How to calibrate 16:9 built-in touch-screen to a 4:3 resolution?

                    QoS: MAC-Priority for clients behind a repeater