Your browser does not allow storing cookies. We recommend enabling them.


Special Considerations on Microsoft Windows Server 2003

When GSSAPI authentication is used on Tectia Server running on Windows 2003, you need to make additional configurations for users who do not have administrator privileges. For instructions on enabling the command prompt for GSSAPI users, see Enable Shell Access for Non-privileged GSSAPI Users.

Enable Shell Access for Non-privileged GSSAPI Users

Windows Server 2003 has more restrictive permission settings. Because of that, non-privileged domain users, who are authenticated using GSSAPI, do not by default have permissions to the command prompt executable (cmd.exe) that provides the users with shell access.

In this environment, additional steps need to be taken to allow shell access for non-privileged users:

  1. Go to the %WINDIR%\system32 folder (typically C:\WINDOWS\system32).

  2. Right-click the cmd.exe program, and select Properties from the shortcut menu. The cmd.exe Properties dialog box opens.

  3. On the Security tab, click Add to add Read & Execute rights to those domain users you want to allow to authenticate using GSSAPI.

    You can do one of the following actions:

    • Add each user separately (for example, add Domainname\username).

    • Add the NETWORK group. This will allow all users with valid domain accounts to authenticate using GSSAPI.

    • Add your own group that is a member of NETWORK and contains all users that you want to allow to authenticate using GSSAPI.

    Click OK when finished.

See also the general considerations on user name handling in User Logon Rights on Windows.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now