Vista / UAC

Jeffrey Altman jaltman at
Wed Feb 28 21:28:35 EST 2007

Tim Alsop wrote:
> Hello,
> I am intersted in how far you have got with developing support for MS
> WIndows cache on Vista. We find our code works well, but only if UAC is
> turned off. This is because when UAC is enabled the session key in a
> service ticket is returned as all zero's instead of a valid session key.
> The result is that a server application that is accepting a security
> context fails to accept the context using the key from a key table file
> on server. I plan to raise a support call with MS, but wanted to check
> first if you had already talked to MS and found a solution to this
> problem ?
> Regards,
> Tim


This is working as designed.

When the user is a normal user and the AllowTGTSessionKey value is
non-zero, the session key may be extracted.

When the user is an administrator and UAC is active, the session key can
only be extracted if the AllowTGTSessionKey value is non-zero and the
process is running with elevated privileges.

Jeffrey Altman
Secure Endpoints Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the krbdev mailing list