Why use - Trust this user for Delegation to any server (Keberos only) when configuring ConfigMgr

In a recent post I made:

http://myitforum.com/cs2/blogs/rcrumbaker/archive/2007/10/12/system-center-configuration-management-with-remote-sql-installations.aspx

I said that I did an additional step:

The other things I did to help was Open up AD for Users and computers and find the Domain Account that you used in the SetSPN command and go to the Delegation Tab. Change the items to Trust this user for Delegation to any server (Keberos only) and do the same for the Computer account on which SCCM is installed.

Many people have pinged me offline asking me why I performed this additional step.

So, the reason I did this step was to help secure ConfigMgr even more. This step will ensure only TCP (Keberos) communication between the SQL database and the Site server for that particular port number of the instance of SQL 2005 you are using within your ConfigMgr infrastructure.

Trackbacks

No Trackbacks

Comments

No Comments

Ron Crumbaker at myITforum.com, Inc.

Not your ordinary CAMARO owner

Why use - Trust this user for Delegation to any server (Keberos only) when configuring ConfigMgr

Trackbacks

Comments

Search

Navigation

About Me

Tags

Recent Posts