Services for User to Self Configuration
Applies To: Windows Server 2008 R2
Services for User to Self (S4USelf) provides the ability for a service to request a Kerberos ticket on behalf of a user account.
Events
| Event ID | Source | Message |
|---|---|---|
Microsoft-Windows-Kerberos-Key-Distribution-Center |
The account %1 from domain %2 is attempting to use S4USelf for the target client %3, but is not allowed to perform group expansion on this client's user object. It may be necessary to adjust the ACL on the TokenGroupsGlobalAndUniversal attribute on the target client's user object to allow S4USelf to function correctly. This can also be accomplished by adding %1 to the Windows Authorization Access Group. |