AD: External trusts and Kerberos

Published on Monday, September 14, 2009 in ,

Very recently I followed a question at activedir.org (very interesting mailing list!) concerning whether external trusts support Kerberos. (topic @ activedir.org)

Microsoft isn't always as clear about it, but the following articles does state it: Kerberos is only possible when a forest trust is created: http://technet.microsoft.com/nl-be/library/bb727065(en-us).aspx

And some other references:

Conclusion: External trusts only support NTLM authentication. External trusts are also known as "down-level trusts" or "Microsoft Windows NT Server 4.0 trusts."


Windows 2008 SP2 KMS: virtual counts!

Published on in ,

Seems like there are some change for the KMS in Windows 2008 SP2. Most important, there used to be a requirement of 5 physical requests to be able to activate server and 25 physical requests for Vista clients. With physical requests, I mean the request should originate from a non-virtual installed OS.

Though this has changed for Windows 2008 SP2:

A KMS hosted on Windows Vista or Windows Server 2008 SP2 now counts virtual machines toward the activation threshold.

In other words, environments which mainly consists of VM's now have the ability to setup a KMS withouth having to use workarounds.

Source: http://download.microsoft.com/download/5/A/2/5A29FA34-4E89-45AF-AA4D-7A148E66039E/Volume%20Activation%20Changes%20for%20Service%20Pack%202%20for%20Windows%20Vista%20and%20Windows%20Server%202008.docx