Sabine Ludewig1709156713 Posted November 17, 2022 Share Posted November 17, 2022 Hi all I was wondering whether this is an expected behaviour or if I can do anything about it. I'm trying to add a worker from a pvs collection to a machine catalog in Citrix Studio (looged in to the DDC). But when my account is member of the AD- group Protcted Users, connecting to the PVS server fails. Any ideas how to work around this issue wihout removing the account from the group? Thanks Link to comment
0 Ghisoiu Cornel Posted November 22, 2022 Share Posted November 22, 2022 Hi. Some info related to the Protected users group: https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group Some actions can't be performed by protected users group members: Members of the Protected Users group who are signed-on to Windows 8.1 devices and Windows Server 2012 R2 hosts can no longer use: Default credential delegation (CredSSP) - plaintext credentials are not cached even when the Allow delegating default credentials policy is enabled Windows Digest - plaintext credentials are not cached even when they are enabled NTLM - NTOWF is not cached Kerberos long term keys - Kerberos ticket-granting ticket (TGT) is acquired at logon and cannot be re-acquired automatically Sign-on offline - the cached logon verifier is not created If the domain functional level is Windows Server 2012 R2 , members of the group can no longer: Authenticate by using NTLM authentication Use Data Encryption Standard (DES) or RC4 cipher suites in Kerberos pre-authentication Be delegated by using unconstrained or constrained delegation Renew user tickets (TGTs) beyond the initial 4-hour lifetime Best of luck. Link to comment
0 Sabine Ludewig1709156713 Posted December 15, 2022 Author Share Posted December 15, 2022 Thanks Ghisoiu for the info. Yet I'm wondering who this affects the authentication process when adding machines from PVS to studio. Link to comment
Question
Sabine Ludewig1709156713
Hi all
I was wondering whether this is an expected behaviour or if I can do anything about it.
I'm trying to add a worker from a pvs collection to a machine catalog in Citrix Studio (looged in to the DDC).
But when my account is member of the AD- group Protcted Users, connecting to the PVS server fails.
Any ideas how to work around this issue wihout removing the account from the group?
Thanks
Link to comment
2 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now