Export (0) Print
Expand All
2 out of 8 rated this helpful - Rate this topic

Allow a user to be trusted for delegation

Updated: January 21, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To allow a user to be trusted for delegation

In a Windows Server 2003 domain

  1. Open Active Directory Users and Computers.

  2. In the console tree, click Users.

    Where?

    • DomainName/Users

  3. In the details pane, right-click the user you want to be trusted for delegation, and click Properties.

  4. Click the Delegation tab, select the Account is trusted for delegation check box, and then click OK.

Note

  • If you cannot see the Delegation tab, do one or both of the following:

    • Register a Service Principal Name (SPN) for the user account with the Setspn utility in the support tools on your CD. Delegation is only intended to be used by service accounts, which should have registered SPNs, as opposed to a regular user account which typically does not have SPNs.

    • Raise the functional level of your domain to Windows Server 2003 . For more information, see Related Topics.

In a Windows 2000 native domain

  1. Open Active Directory Users and Computers.

  2. In the console tree, click Users.

  3. In the details pane, right-click the user you want to be trusted for delegation, and click Properties.

  4. Click the Accounts tab, select the Account is trusted for delegation check box, and then click OK.

Notes

  • To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

  • For security reasons, do not allow servers on the enterprise network to perform delegation at will on behalf of any network connection.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.