kfw-4.1: ms2mit in virtual setups?
John Devitofranceschi
foonon at gmail.com
Wed Sep 22 13:40:42 EDT 2021
> On Sep 18, 2021, at 8:21 AM, John Devitofranceschi <foonon at gmail.com> wrote:
>
> On Sep 18, 2021, at 12:50 AM, Greg Hudson <ghudson at MIT.EDU> wrote:
>>
>> On 9/17/21 5:14 PM, John Devitofranceschi wrote:
>>> I can see that “AllowTGTSessionKey” is set to ‘1’ in the virtual registry. Is that not sufficient? Any way around this?
>>
>> The current documentation of AllowTgtSessionKey says: "With active
>> Credential Guard in Windows 10 and later versions of Windows, you cannot
>> enable sharing the TGT session keys with applications anymore."
>
>
> I’ve read that too, but Credential Guard is not running, according to the “System Information” panel on our test host.
>
>
It turns out that it works just fine if you set allowtgtsessionkey in the system registry. It is not sufficient to simply set it in the virtual registry.
jd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4056 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20210922/9aeee6cb/attachment.bin
More information about the Kerberos
mailing list