:::MENU:::

Always send compound authentication first

This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity. Note: For a domain controller to request compound authentication the policies “KDC support for claims compound authentication and Kerberos armoring” and “Request compound authentication” must be configured and enabled in the resource account domain. If you enable this policy setting and the resource domain requests compound authentication devices that support compound authentication always send a compound authentication request. If you disable or do not configure this policy setting and the resource domain requests compound authentication devices will send a non-compounded authentication request first then a compound authentication request when the service requests compound authentication.


Additional Information

  1. Registry path is:

    HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> CurrentVersion -> Policies -> System -> Kerberos -> Parameters # AlwaysSendCompoundId

  2. The Administrative Template path is:

    System -> Kerberos

Notes

* Making mistakes while changing registry values can affect your system adversely. We recommend you to create a System Restore point before making registry manipulation. If you're new to Registry Editor, read this beginner's guide.
** To locate the registry and administrative template path, checkout beginner's guide.
You're here :
Checkout Kapil Sparks™