Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
UserList
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
Description
The UserList subkey stores entries that associate a Kerberos security principal to a local Windows Server 2003 user account.
Computers that are running Windows Server 2003 can use a non-Windows Kerberos Key Distribution Center to administer authentication, instead of using a Windows Server 2003 domain. For ease of use, the system lets you map a Kerberos security principal, such as the name of a principal or a realm, to a local Windows user account.
This subkey stores mappings that you enter when you use the /MapUser command in Kerberos Setup (Ksetup.exe), a tool included in Windows Server 2003 Support Tools. Ksetup.exe adds the entries to the registry.
All entries in this subkey have the following format, where * indicates all users:
| Entry name | Data type | Value |
|---|---|---|
Kerberos-name or * |
REG_SZ |
Local-name or * |
For example, if you enter the following mapping command in Ksetup.exe:
ksetup /mapuser user@domain.reskit.com Guest
then Ksetup.exe adds the following entry to the UserList subkey:
| Entry name | Data type | Value |
|---|---|---|
user@domain.reskit.com |
REG_SZ |
Guest |
Change Method
To change the value of the entries in this subkey, use Ksetup.exe. Do not edit the registry.
Caution
- Mapping a Kerberos principal to a local account grants access to your computer to anyone who knows the password to the Kerberos principal. Use of a wildcard entry should be used cautiously, especially if it can reference a local account with administrative rights.