How to restrict Access to the Kerberos service to devices that require it in windows 2012 R2

Question

Vulnerability is detected on "Kerberos Information Disclosure" . According to the scan vulnerability scanning tool below vulnerability is detected on windows 2012 R2. We have to fix it.

Explanation of Issue
The remote Kerberos service discloses an accurate timestamp as well as the name of its authentication domain. This
information could prove useful to an attacker looking to attack the kerberos authentication system or other devices
which use it.

Recommendation
Access to the Kerberos service should be restricted to devices that require it.
According to the above recommendation we have to restrict the kerberos service to the devices.

Please share us the settings/configuration to restrict access to kerberos for a particular device/system

source link:https://social.technet.microsoft.com/Forums/windowsserver/en-US/0ed9c8a8-1da3-4e2d-876d-7875cb902acd/how-to-restrict-access-to-the-kerberos-service-to-devices-that-require-it-in-windows-2012-r2?forum=winserver8setup

Answer 1

Welcome to our new Microsoft Q&A Platform.

Due to limited condition,we can reproduce your environment to test.As for the Kerberos settings,you can find it in the following website:

https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/kerberos-policy

And if you want further to modify the permissions,here is a similar question has been solved:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/f04ea8ca-a6c5-4a1c-ade7-a3f89dac09d0/kerberos-delegation-implications-for-active-directory-security-in-general?forum=winserverDS

That is not a issue,but for more information...you can see in the Microsoft official website to look for the features of Windows2012R2.