Before applying Kerberos Delegation to a Network Share Folder workflow, Administrators must use Windows Administrative Tools > Active Directory Users and Computers to configure Kerberos Delegation.
The Administrator must complete the following tasks.
See Access Windows Administrative Tools > Active Directory Users and Computers for more information.
To configure Kerberos Delegation
For the Service Account user
A service account is a special user account that an application or service uses to interact with an operating system.
-
Select Users on the Active Directory Users and Computers pane.
-
Create or right-click the Service Account User and select Properties.
-
Select the Delegation tab.
-
Select the following options:
-
Trust this user for delegation to specified services only
-
Use any authentication protocol.
-
Select the services you want to use; for example, cifs, clipsrv, and more, if necessary.
-
Click Apply and OK.
For the computer
-
Select Computers on the Active Directory Users and Computers pane.
-
Find and right-click the appropriate computer(s) and select Properties.
-
Select the Delegation tab.
-
Select the following options:
-
Trust this computer for delegation to specified services only
-
Use any authentication protocol
-
Select the services you want to use; for example, cifs, clipsrv, and more, if necessary.
-
Click Apply and OK.
For the Local Security Policy computer/account
-
On the Start menu, select Windows Administrative Tools or type Administrative Tools in the Taskbar Search box.
-
Select Local Security Policy.
-
Select Local Policies.
-
Select User Rights Assignments.
-
Select Act as part of the operating system.
-
Select Add User or Group.
-
Type the name of the Service Account User in the Enter the object names to select box.
-
Click OK.
Note: This is required. Restart the computer(s) with Kerberos Delegation after configuration is complete.
See also
Applying Kerberos Delegation to a Network Share Folder Workflow