Alexander’s Blog

September 15, 2009

Why is KRBTGT account in Windows Sever 2003 disabled?

by Zubair Alexander @ 1:17 pm. Filed under Active Directory, Tips & Tricks, Windows 2000, Windows 2003

The reason that the KRBTGT account is disabled in Windows 2000/2003 Server is that there is no reason or need for someone to be logging in with the KRBTGT domain account. Therefore, it cannot be enabled. Because it is a built-in account, you cannot enable or rename KRBTGT account. If  you try to rename the account you will get the error:

One of the names could not be changed due to the following problem:
Cannot perform this operation on built-in accounts.
Please try again.

If you try to enable the account you will get the error:

Krbtgt could not be enabled due to the following problem:
Cannot perform this operation on built-in accounts.

Kerberos is the default authentication protocol in Windows 2000/2003. The KRBTGT account is used for Kerberos Ticket Granting Ticket (TGT). TGT  is a ticket that must be presented to the Kerberos service when a session request is made. The TGT is enciphered with a key that is derived from the password of the KRBTGT account, which is known only to the Kerberos service. As administrators we don’t need to mess with this account.

Contact E-mail | Terms of Use | Privacy Policy

Copyright © 2013 Zubair Alexander. All rights reserved.

Internal Links

Search Blog

Categories

Archives

September 2009
M T W T F S S
« Aug   Oct »
 123456
78910111213
14151617181920
21222324252627
282930  

RSS Feeds

TechGalaxy Visitors

24 queries. 0.374 seconds