Getting a DES-encrypted TGT from AD server

Rechenberg, Andrew ARechenberg at
Tue Oct 14 11:46:58 EDT 2003

In Active Directory Users and Computers:

. Open the user's properties
. Click on the Account tab
. Scroll down to the bottom of the Account options window
. Click the checkbox labeled 'Use DES encryption types for this

You may start to get warnings and/or errors in your System log from the
KDC about this change, but everything should still work.

On Tue, 2003-10-14 at 09:59, M. S. Sriram wrote:
> Hello,
> I am trying to pass delegated credentials from Internet Explorer to
> IIS, where the credentials are being accessed by an application that
> only supports DES encryption types.
> I have used AD server settings to cause the original TGT (issued on
> signin) to use DES-CBC-MD5, but I find (examining the client's
> credential cache) that the forwarded TGT uses RSADSI-RC4-HMAC.
> Is there any way to force AD server to use only DES encryption type
> for a user? (If this is not the right group for this question, I'd
> appreciate a pointer to a more appropriate forum.)
> - Sriram

Andrew Rechenberg
Infrastructure Team, Sherman Financial Group
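
Added example, not part of the original message: the checkbox in the steps above sets the USE_DES_KEY_ONLY bit (0x200000) in the account's userAccountControl attribute, so a directory export can be audited for accounts that still carry it. The LDIF text, account names and function names below are constructed for illustration.

```python
# userAccountControl bits, as documented by Microsoft.
UF_ACCOUNTDISABLE = 0x00000002
UF_TRUSTED_FOR_DELEGATION = 0x00080000
UF_USE_DES_KEY_ONLY = 0x00200000  # the flag behind the DES checkbox

# Constructed sample export: these accounts and values are made up.
SAMPLE_LDIF = """\
dn: CN=App Service,OU=Services,DC=example,DC=test
sAMAccountName: appsvc
userAccountControl: 2097664

dn: CN=Jane Doe,OU=Staff,DC=example,DC=test
sAMAccountName: jdoe
userAccountControl: 512

dn: CN=Old Web,OU=Services,DC=example,DC=test
sAMAccountName: oldweb
userAccountControl: 2621954
"""

def parse_ldif(text):
    """Yield one dict per record: lowercased attribute name -> first value."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    record = {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last record
        if not line.strip():
            if record:
                yield record
            record = {}
            continue
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        record.setdefault(name.strip().lower(), value.strip())

def des_only_accounts(ldif_text):
    """Return the accounts whose userAccountControl has USE_DES_KEY_ONLY set."""
    findings = []
    for rec in parse_ldif(ldif_text):
        uac = rec.get("useraccountcontrol", "")
        if not uac.isdecimal() or not int(uac) & UF_USE_DES_KEY_ONLY:
            continue
        findings.append({
            "account": rec.get("samaccountname", rec.get("dn", "?")),
            "enabled": not int(uac) & UF_ACCOUNTDISABLE,
            "trusted_for_delegation": bool(int(uac) & UF_TRUSTED_FOR_DELEGATION),
        })
    return findings
```

Calling `des_only_accounts(SAMPLE_LDIF)` reports `appsvc` and `oldweb`; the delegation column is included because DES-only accounts that are also trusted for delegation are the ones to review first.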
