Advantages of active directory domain services
![advantages of active directory domain services advantages of active directory domain services](https://ars.els-cdn.com/content/image/3-s2.0-B9781597495783000049-f04-31-9781597495783.jpg)
#ADVANTAGES OF ACTIVE DIRECTORY DOMAIN SERVICES WINDOWS 8#
You will have Flexible Authentication Secure Tunneling (FAST) on your network between domain-joined Windows 8 clients and Windows Server 2012-based Domain Controllers after the next Group Policy refresh cycle. Here, enable the Kerberos client support for claims, compound authentication and Kerberos armoring Group Policy: Open the Group Policy object and navigate to Computer Configuration, Administrative Templates, System, Kerberos. Point your Group Policy Management Console (GPMC), assign a Group Policy object to the Organization Unit(s) containing your domain-joined Windows 8 computers. When you choose the ‘Supported’ setting and link the Group Policy to the Domain Controllers Organizational Unit (OU), it’s time to enable Flexible Authentication Secure Tunneling (FAST) on the Windows 8 clients. This Group Policy supports four possible settings after you enable it: The Group Policy you need for this is located in Computer Configuration, Administrative Templates, System, KDC and is named KDC support for claims, compound authentication and Kerberos armoring: When FAST is required, this enables the Compound Authentication functionality in Dynamic Access Control (DAC), allowing authorization based on the combination of both user claims and device claims.Įnabling Flexible Authentication Secure Tunneling (FAST) can be achieved through Group Policy once you fulfill the requirements. With FAST enabled and required, brute forcing the reply key is no longer possible and the highest possible cryptographic protocols and cipher strengths are guaranteed to be used by Windows 8 clients in their pre-authentication traffic with Windows Server 2012 Domain Controllers. With FAST in place, it is relatively straightforward to chain multiple authentication mechanisms, utilize a different key management system, or support a new key agreement algorithm. FAST provides a protected channel between the client and the Key Distribution Center (KDC), and it can optionally deliver key material used to strengthen the reply key within the protected channel. Sometimes, this feature is referred to as Kerberos Armoring, but Flexible Authentication Secure Tunneling (FAST) is it’s official name defined by the April 20.įlexible Authentication Secure Tunneling (FAST) is part of the framework for Kerberos Pre-authentication. This new features solves common security problems with Kerberos and also makes sure clients do not fall back to less secure legacy protocols or weaker cryptographic methods. A whole new security feature in Active Directory Domain Services in Windows Server 2012 listens to the name Flexible Authentication Secure Tunneling (FAST).