Your browser does not allow storing cookies. We recommend enabling them.


Special Considerations on Microsoft Windows Server 2003

When GSSAPI authentication is used on Tectia Server running on Windows 2003, you need to make additional configurations for users who do not have administrator privileges. For instructions on enabling the command prompt for GSSAPI users, see Enable Shell Access for Non-privileged GSSAPI Users.

Enable Shell Access for Non-privileged GSSAPI Users

Windows Server 2003 has more restrictive permission settings. Because of that, non-privileged domain users, who are authenticated using GSSAPI, do not by default have permissions to the command prompt executable (cmd.exe) that provides the users with shell access.

In this environment, additional steps need to be taken to allow shell access for non-privileged users:

  1. Go to the %WINDIR%\system32 folder (typically C:\WINDOWS\system32).

  2. Right-click the cmd.exe program, and select Properties from the shortcut menu. The cmd.exe Properties dialog box opens.

  3. On the Security tab, click Add to add Read & Execute rights to those domain users you want to allow to authenticate using GSSAPI.

    You can do one of the following actions:

    • Add each user separately (for example, add Domainname\username).

    • Add the NETWORK group. This will allow all users with valid domain accounts to authenticate using GSSAPI.

    • Add your own group that is a member of NETWORK and contains all users that you want to allow to authenticate using GSSAPI.

    Click OK when finished.

See also the general considerations on user name handling in User Logon Rights on Windows.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more