Printable View
I would like to know the significance of the above setting under the
network name parameters. Is there a best practice as to whether this
option should be turned on for a file share? I know that enabling it
will create a virtual server in AD. Is this recommended? Thanks
For clusters in an Active Directory domain, enable Kerberos authentication
for Network Name resources.
Kerberos authentication is much more secure than the alternative, NTLM
authentication. Note that when you enable Kerberos authentication, you must
add certain rights and permissions to the account that the Cluster service
creates for the Network Name resource, and possibly to the Cluster service
account itself. For more information, see Knowledge Base article 307532, "How
to troubleshoot the Cluster service account when it modifies computer
objects," on the Microsoft Support Web site.
-Best practices for securing server clusters:
http://technet.microsoft.com/en-us/l.../cc785168.aspx
Server Cluster Best Practices
http://technet.microsoft.com/en-us/l.../cc781143.aspx
Regards,
ProADGuy
"Tom" wrote:
> I would like to know the significance of the above setting under the
> network name parameters. Is there a best practice as to whether this
> option should be turned on for a file share? I know that enabling it
> will create a virtual server in AD. Is this recommended? Thanks
>
Tom ,
in addition to security advantages (mutual authentiation between client and
server, characteristics superior when compared with NTLM), this is a
requirement when using delegation (this comes into play in a variety of
scenarios - e.g. when creating a clustered encrypted file share)...
hth
Marcin
"Tom" <[email protected]> wrote in message
news:a337666c-b961-4a15-9f5e-562a871f1e8c@k36g2000pri.googlegroups.com...
>I would like to know the significance of the above setting under the
> network name parameters. Is there a best practice as to whether this
> option should be turned on for a file share? I know that enabling it
> will create a virtual server in AD. Is this recommended? Thanks