You all remember the maximum 2 hops for Kerberos right.. well in Microsoft land it works a little different and it is possible to create a multiple tier Kerberos delegation structure.
Basically we want the following to happen:
Client->IIS1->IIS2->IIS3->IIS4 where all hops require Kerberos authentication
In this case, IIS1, IIS2 and IIS3 need to be trusted for delegation. In my test lab I’ve used (http://support.microsoft.com/kb/314404) for the setup..
Anyone installed a forest trust before.. probably else you would not be reading this post.. how does authentication work in a forest trust?
Well there are two authentication mechanisms in Windows NTLM and Kerberos, both can be used in a forest trust, and both work differently. Setting it up brought me the following authentication schema..
So the problem:
All mailboxes of the users are migrated to a central Exchange server, comming from various Exchange 5.5/2003/2003 mailservers (contact me if you want to know how 🙂 ) . and mailboxes where cloned.. now the client needs to be pointed to the new exchange server else Outlook will not work. The challenge, how do you change your mapi profile.
We had 4 scenario’s
1: The domain is NT4 no trust or no domain at all!
2: The domain the user is in, has a trust with the Exchange domain
3 The domain the user is in is a Windows 2000/2003/2008 domain no trust
4: The user is in the domain
Wireless networks are always less protected than wired LANs since they do not require physical access to a cable inside the building. Enterprises use 802.1x security to strengthen the security of the wireless network. With Windows Home server this is also possible. Prior to using the wireless network users are requested to fill in their username and password. Based on group membership the user is granted or denied the usage of the wireless network.
What we need:
- Windows Home Server installed + DVD
- Wireless Access Point with 802.1x support
- Client with Windows XP or Windows Vista