Windows Admin Center Kerberos Constrained Delegation

From Wiki.CoreyBlair.US

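To get a "single sign-on" experience in Windows Admin Center (WAC), you must delegate Kerberos from the server that WAC is installed on down to the endpoint that is being managed. The following commands can help with this; they set the PrincipalsAllowedToDelegateToAccount property on each managed computer object so that it names the WAC gateway.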

  • Open PowerShell as an administrator and enter the following commands to delegate to any Windows servers in your Active Directory.
$gateway = "NameofYourGateway"
  • Replace NameofYourGateway with the name of the host where Windows Admin Center is installed.
$gatewayObject = Get-ADComputer -Identity $gateway
Get-ADComputer -Filter { OperatingSystem -Like '*Windows Server*' } | Set-ADComputer -PrincipalsAllowedToDelegateToAccount $gatewayObject
  • The "Windows Server" text in the filter can be changed to match other computer objects in Active Directory: use some part of the "Name" field shown under the "Operating System" tab of the computer object in Active Directory.
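
The commands above apply to every Windows Server object in the domain and overwrite whatever each object already had in PrincipalsAllowedToDelegateToAccount. The following is an added example, not part of the original page, that limits the change to one OU, keeps existing entries, and then lists what is configured. The OU path and the $searchBase variable are assumptions to replace with your own.

```powershell
# Added example (not from the original page). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$gateway    = "NameofYourGateway"                    # WAC gateway host, as on the page
$searchBase = "OU=ManagedServers,DC=example,DC=com"  # hypothetical OU, replace with yours

$gatewayObject = Get-ADComputer -Identity $gateway

# 1. Scope: only Windows Server objects inside the chosen OU, with their
#    current delegation list loaded so it can be preserved.
$targets = Get-ADComputer -SearchBase $searchBase `
    -Filter "OperatingSystem -like '*Windows Server*'" `
    -Properties PrincipalsAllowedToDelegateToAccount

# 2. Apply: Set-ADComputer replaces the whole list, so merge the gateway
#    into the existing entries instead of overwriting them.
foreach ($node in $targets) {
    $existing = @($node.PrincipalsAllowedToDelegateToAccount)   # distinguished names
    if ($existing -contains $gatewayObject.DistinguishedName) {
        continue                                                # already delegated
    }
    $merged = $existing + $gatewayObject.DistinguishedName
    # Add -WhatIf on the first run to preview the change without writing it.
    Set-ADComputer -Identity $node -PrincipalsAllowedToDelegateToAccount $merged
}

# 3. Audit: list every computer in the OU that trusts some principal to
#    delegate to it, and which principals those are.
Get-ADComputer -SearchBase $searchBase -Filter * `
    -Properties PrincipalsAllowedToDelegateToAccount |
    Where-Object { $_.PrincipalsAllowedToDelegateToAccount } |
    Select-Object Name,
        @{ n = 'AllowedToDelegate'
           e = { $_.PrincipalsAllowedToDelegateToAccount -join '; ' } }

# 4. Roll back a single node (clears the list on that computer object):
# Set-ADComputer -Identity "NodeName" -PrincipalsAllowedToDelegateToAccount $null
```

Running step 3 before step 2 gives a baseline of the delegation that already exists, which makes unexpected entries easier to spot afterwards.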