Windows 10: Kerberos settings not found











up vote
1
down vote

favorite












In our company, we want to configure our Windows-based infrastructure compliant to the IASE SCAP specifications, e.g., the Microsoft Windows Server 2016 STIG Benchmark.
In this document, there is the rule that Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Account Policies >> Kerberos Policy >> Enforce user logon restrictions should be Enabled.



I've searched for this settings in Windows Server 2016, Windows 10 Education, Windows 10 Enterprise, and Windows 10 Pro and it was nowhere visible ....



enter image description here



What do I have to activate or enable to see the Kerberos Policies?






windows-10 windows-server-2016







share|improve this question




























    up vote
    1
    down vote

    favorite












    In our company, we want to configure our Windows-based infrastructure compliant to the IASE SCAP specifications, e.g., the Microsoft Windows Server 2016 STIG Benchmark.
    In this document, there is the rule that Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Account Policies >> Kerberos Policy >> Enforce user logon restrictions should be Enabled.



    I've searched for this settings in Windows Server 2016, Windows 10 Education, Windows 10 Enterprise, and Windows 10 Pro and it was nowhere visible ....



    enter image description here



    What do I have to activate or enable to see the Kerberos Policies?






    windows-10 windows-server-2016







    share|improve this question


























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      In our company, we want to configure our Windows-based infrastructure compliant to the IASE SCAP specifications, e.g., the Microsoft Windows Server 2016 STIG Benchmark.
      In this document, there is the rule that Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Account Policies >> Kerberos Policy >> Enforce user logon restrictions should be Enabled.



      I've searched for this settings in Windows Server 2016, Windows 10 Education, Windows 10 Enterprise, and Windows 10 Pro and it was nowhere visible ....



      enter image description here



      What do I have to activate or enable to see the Kerberos Policies?






      windows-10 windows-server-2016







      share|improve this question















      In our company, we want to configure our Windows-based infrastructure compliant to the IASE SCAP specifications, e.g., the Microsoft Windows Server 2016 STIG Benchmark.
      In this document, there is the rule that Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Account Policies >> Kerberos Policy >> Enforce user logon restrictions should be Enabled.



      I've searched for this settings in Windows Server 2016, Windows 10 Education, Windows 10 Enterprise, and Windows 10 Pro and it was nowhere visible ....



      enter image description here



      What do I have to activate or enable to see the Kerberos Policies?






      windows-10 windows-server-2016




      windows-10 windows-server-2016






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 22 at 12:12

























      asked Nov 22 at 9:23









      Patrick Stoeckle

      82




      82






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote



          accepted










          You are not seeing this policy on Windows 10, since it applies
          on a Windows Server which is also a domain controller.



          STIG Viewer
          says about it:




          This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources is not circumvented.




          Microsoft documentation is conflicting on this, but one possible interpretation
          is that the effect of this setting is to make the DC check the AD user's
          account policies such as logon hours and workstation restrictions.



          I don't really know if this policy applies on a stand-alone computer,
          and the fact that it is not to be found on Windows 10 may indicate
          that indeed it does not apply at all.






          share|improve this answer





















            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377519%2fwindows-10-kerberos-settings-not-found%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            0
            down vote



            accepted










            You are not seeing this policy on Windows 10, since it applies
            on a Windows Server which is also a domain controller.



            STIG Viewer
            says about it:




            This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources is not circumvented.




            Microsoft documentation is conflicting on this, but one possible interpretation
            is that the effect of this setting is to make the DC check the AD user's
            account policies such as logon hours and workstation restrictions.



            I don't really know if this policy applies on a stand-alone computer,
            and the fact that it is not to be found on Windows 10 may indicate
            that indeed it does not apply at all.






            share|improve this answer

























              up vote
              0
              down vote



              accepted










              You are not seeing this policy on Windows 10, since it applies
              on a Windows Server which is also a domain controller.



              STIG Viewer
              says about it:




              This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources is not circumvented.




              Microsoft documentation is conflicting on this, but one possible interpretation
              is that the effect of this setting is to make the DC check the AD user's
              account policies such as logon hours and workstation restrictions.



              I don't really know if this policy applies on a stand-alone computer,
              and the fact that it is not to be found on Windows 10 may indicate
              that indeed it does not apply at all.






              share|improve this answer























                up vote
                0
                down vote



                accepted







                up vote
                0
                down vote



                accepted






                You are not seeing this policy on Windows 10, since it applies
                on a Windows Server which is also a domain controller.



                STIG Viewer
                says about it:




                This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources is not circumvented.




                Microsoft documentation is conflicting on this, but one possible interpretation
                is that the effect of this setting is to make the DC check the AD user's
                account policies such as logon hours and workstation restrictions.



                I don't really know if this policy applies on a stand-alone computer,
                and the fact that it is not to be found on Windows 10 may indicate
                that indeed it does not apply at all.






                share|improve this answer












                You are not seeing this policy on Windows 10, since it applies
                on a Windows Server which is also a domain controller.



                STIG Viewer
                says about it:




                This policy setting determines whether the Kerberos Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the target computer. The policy is enabled by default which is the most secure setting for validating access to target resources is not circumvented.




                Microsoft documentation is conflicting on this, but one possible interpretation
                is that the effect of this setting is to make the DC check the AD user's
                account policies such as logon hours and workstation restrictions.



                I don't really know if this policy applies on a stand-alone computer,
                and the fact that it is not to be found on Windows 10 may indicate
                that indeed it does not apply at all.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 22 at 10:50









                harrymc

                249k10257550




                249k10257550






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377519%2fwindows-10-kerberos-settings-not-found%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    QoS: MAC-Priority for clients behind a repeater

                    Image
                    1 1 I've setup a wireless network using a Linksys-Router (DD-WRT) as an AP and a TP-Link repeater for range extension. To manage bandwith for specific users, I've setup QoS-Rules on the AP (DD-WRT) using MAC-Priority: However the AP shows only the Repeater's MAC and the MACs of users inside the AP-Range. The MAC addresses of users behind the Repeater are not listed : The purple MAC is not listed in the AP-Clientlist. Its related to a device connected via the TP-Link repeater. Q: How can I setup MAC-Priority for repeater-clients? Do I simply add the purple MAC in AP-MAC priority list although it's not listed as a client? I want to setup specific priority instead of giving one priority for all clients behind the repeater by adding the repeater's MAC in the MAC priority list in the AP as
                    Read more

                    Ивакино (Тотемский район)

                    Image
                    У этого топонима есть и другие значения, см. Ивакино. Деревня Ивакино 59°42′01″ с. ш. 42°01′36″ в. д. H G Я O Страна Россия   Россия Субъект Федерации Вологодская область Муниципальный район Тотемский район Сельское поселение Погореловское История и география Тип климата умеренно-континентальный Часовой пояс UTC+3 Население Население 33 человека ( 2002 ) Национальности русские Цифровые идентификаторы Почтовый индекс 161327 Код ОКАТО 19 246 848 008 Код ОКТМО 19 646 448 136 Прочее Рег. номер 6261 Показать/скрыть карты Ивакино Ивакино Ивакино Ивакино — деревня в Тотемском районе Вологодской области. Входит в состав Погореловского сельского поселения [1] , с точки зрения административно-территориального деления — в Погореловский сельсовет. Расстояние по автодороге до районного центра Тотьмы — 61,5 км, до центра муниципального образования деревни Погорелово — 1,5 км.
                    Read more

                    Can't locate Autom4te/ChannelDefs.pm in @INC (when it definitely is there)

                    Image
                    up vote 1 down vote favorite I've been running into trouble running make for a build process that I know works on a 32-bit Ubuntu VM. I am running a 64-bit Ubuntu VM, and I have a feeling that the 64-bit may be the problem, but am not entirely sure. Basically, when I run the make command, I get the following error: Can't locate Autom4te/ChannelDefs.pm in @INC (@INC contains: [...]/staging_dir/host/share/autoconf /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 /usr/local/lib/site_perl .) at [...]/staging_dir/host/bin/autoreconf line 40. Now if I navigate to [...]/staging_dir/host/share/autoconf I can see that, contrary to what autoreconf thinks, Autom4te/ChannelDefs.pm definitely exists, so I don't really understand what
                    Read more