Share via

Ksetup Examples

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

KSetup Examples

Example 1: Configure a UNIX KDC server and workstation realm

Run the KSetup tool on a Windows XP Professional–based workstation to configure the UNIX KDC server and the realm that the workstation should use. Type the following at the command line to set the UNIX realm:

ksetup /addkdc DOMAIN.MICROSOFT.COM mitkdc.microsoft.com

Finally, type the following at the command line to set the local computer account password:

ksetup /setcomputerpassword p@ssword1!

Restart the computer for the changes to take effect.

Example 2: Authenticate a realm's principals

Type the following at the command line to authenticate the principals of the given realm if they present valid Kerberos tickets:

ksetup /mapuser user@DOMAIN.MICROSOFT.COM guest

Note

  • The computer will authenticate the principals of the given realm if they present valid Kerberos tickets. Any principal from the given Kerberos realm will be treated as Guest for local authorization purposes.

Example 3: Configure a single sign-on to local workstation accounts

Type the following at the command line to authenticate the principals of the given realm if they present valid Kerberos tickets:

ksetup /mapuser user@DOMAIN.MICROSOFT.COM guest

Note

  • In this case, any principal from the given Kerberos realm will be treated as Guest for local authorization purposes. For example, accessing a file or registry key will be granted or denied as though the Guest had attempted to access the file or registry key.

Example 4: List the available realm flags that ksetup knows

Type the following at the command line to map clients to local accounts of the same name:

ksetup /ListRealmFlags

Ksetup knows the following realm flags:
0x00 None         No Realm Flags
0x01 SendAddress  Include IP numbers within tickets.
                  Useful for solving SOME compatibility issues.
0x02 TcpSupported Indicates that this realm supports TCP.
                  (as opposed to just UDP)
0x04 Delegate     Everyone in this realm is trusted for delegation
0x08 NcSupported  This realm supports Name Canonicalization...

Note

  • To list the available realm flags that KSetup does not know, type either of the following commands at the command line:

    • /SetRealmFlags REALM SendAddress TcpSupported Delegate NcSupported

    • /SetRealmFlags REALM 0xF

See Also

Concepts

Ksetup Overview
Ksetup Remarks
Ksetup Syntax
Alphabetical List of Tools
Xcacls Overview
Sidwkr.dll
Sidwalker Security Administration Tools
Sidwalk Overview
Showaccs Overview
Sdcheck Overview
Ktpass Overview
Getsid Overview
Addiag.exe