As a WIN domain administrator, I want KfW to be usable when UAC is turned on so that domain users can do things that require UAC

Description

This is a surprisingly complex problem that requires better characterization.

A partial description of this family of problems is at http://k5wiki.kerberos.org/wiki/KfW_UAC_interactions

Activity

Show:
Tom Yu
February 10, 2016, 11:35 PM

Disabling or enabling UAC on a host requires a reboot. This can make troubleshooting more difficult. GP.Pismere turned off UAC since 2007 to work around this problem. Some containers have it turned back on though.

Tom Yu
March 30, 2016, 12:51 PM

We have a workaround that seems to work in ms2mit, but it can cause a Leah kinit popup the first time the new code is run when the registry key isn't already set to "MSLSA:". WIN domain logon scripts (which run ms2mit) seem like they can run concurrently with Leash startup, for unclear reasons.

Assignee

Unassigned

Reporter

Tom Yu

Labels

None

Components

Priority

Normal
Configure