Kerberos Policy Settings

F

Frank Pesce

One of my Windows Adv. 2000 Servers repeatedly logged
1202,454,1000,& 412 Event ID errors in the application
event log. I found this article (278316) that specifically
addressed these errors and said the Group Policy file was
corrupted and gave a specific resolution to recreate the
LOCAL Group Policy.

I followed the steps and everything seemed to be fine. But
when I checked the policies I found that my DOMAIN
Password, Account Lockout and Kerberos Policy had been
wiped out (not defined). I remembered the Password and
account policy and reset them. But I do not know what the
Kerberos Policies where set to. Should I just enable all
of them in default mode? Or should I just leave it.
Because I don't remember if they were even setup.

Any help would be greatly appreciated!
 
G

Guest

Frank

You must decide if this settings are acceptable in the environment that you are running, but some accepted settings for Kerberos Policies are
"Enforce user logon restrictions" "Enabled
"Max Lifetime for Serv ticket" "600 Minutes" or les
"Max Lifetime for User ticket" "10 Hours" or les
"Max Lifetime for User ticket renewal" "7 Days" or les
"Max tolerance for Computer Clock Sync" " 5 Min" or les

You may apply this settings, but like any settings in your domain, you must research them and understand what they do

OI
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Kerberos policy on Windows 2000 domain controllers 1
Windows 7 / Windows Vista kerberos differencies 4
Domain only policies 1
How do I change password policy for my domain (have tryed everything) 3
Default Domain Policy 5
Security Event 676 - Kerberos Failure Code 6 4
Domain Admin Account locked 3
Kerberos Policy Settings 3

Top