Computer/User Node :
MACHINE
Policy Path :
Administrative
Templates\System\Remote Procedure Call
Supported on :
At least Microsoft Windows Server 2003
Help/Explain Text :
Directs the
RPC Runtime to ignore delegation failures if delegation was asked for. Windows
Server 2003 family includes a new delegation model - constrained delegation. In
this model the security system does not report that delegation was enabled on a
security context when a client connects to a server. Callers of RPC and COM are
encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but
some applications written for the traditional delegation model may not use this
flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that
uses constrained delegation. If you disable this setting, do not configure it
or set it to Off, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to
applications that ask for delegation and connect to servers using constrained
delegation. If you configure this setting to On, the RPC Runtime will accept
security contexts that do not support delegation as well as security contexts
that do support delegation. -- Off directs the RPC Runtime to generate
RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security
context does not support delegation. -- On directs the RPC Runtime to accept
security contexts that do not support delegation even if delegation was asked
for.
Registry Settings :
HKLM\Software\Policies\Microsoft\Windows
NT\Rpc\IgnoreDelegationFailure!IgnoreDelegationFailure
0 التعليقات:
Post a Comment