'Trust computer for delegation' option.

sandiyan · Nov 13, 2003

I would like to have the above checked (enabled) to all the machines
in our our domain(AD sits on a windows 2000 server). We have a mix bag
of machines in our domain - W2k, Win 2003 and XP.

I was wondering how I could go about:

1. doing this to all machines in our domain - via script?

2. doing this via group policy so that all new machines that get
introduced to this environment will have this setup automatically.

Thanks,
Sandiyan.

Shawn Rabourn \(MS\) · Nov 16, 2003

To make a machine trusted for delegation all you need to do is increment
userAccountControl on the machine account by 524288.

You can use ldifde to do this on multiple machines.

305144 How to Use the UserAccountControl Flags to Manipulate User Account
http://support.microsoft.com/?id=305144

237677 Using LDIFDE to Import and Export Directory Objects to Active
Directory
http://support.microsoft.com/?id=237677

--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.

sandiyan · Nov 19, 2003

Thanks. This is what I exactly wanted. I'll use VBScript/ADSI to script it.
cheers,
Sandiyan.

'Trust computer for delegation' option.

sandiyan

Shawn Rabourn \(MS\)

sandiyan