Select a product
- Select a category.
Use forest search order
This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).
If you enable this policy setting, the Kerberos client searches the forests in this list, if it is unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain.
If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used.
Registry Information
| Vendor | Microsoft |
|---|---|
| Product | Kerberos Settings |
| Category | Kerberos |
| Applies to | Computer Configuration |
| Supported on | Windows7 |
| Registry Key | [HKLM]SoftwareMicrosoftWindowsCurrentVersionPoliciesSystemKerberosParameters |
| Value Name | UseForestSearch |
| Type | REG_DWORD |
| Enabled value | 1 |
| Disabled value | 0 |
Policy Settings
Forests to Search
| Registry Key | [HKLM]SoftwareMicrosoftWindowsCurrentVersionPoliciesSystemKerberosParameters |
|---|---|
| Value Name | ForestSearchList |
| Type | REG_SZ |