Microsoft network server: Attempt S4U2Self to obtain claim information This security setting is to support clients running a version of Windows prior to Windows 8 that are trying to access a file share that requires user claims. This setting determines whether the local file server will attempt to use Kerberos Service-For-User-To-Self (S4U2Self) functionality to obtain a network client principal's claims from the client's account domain. This setting should only be set to enabled if the file server is using user claims to control access to files, and if the file server will support client principals whose accounts may be in a domain which has client computers and domain controllers running a version of Windows prior to Windows 8. This setting should be set to automatic (default) so that the file server can automatically evaluate whether claims are needed for the user. An administrator would want to set this setting explicitly to "Enabled" only if there are local file access policies that include user claims. When enabled this security setting will cause the Windows file server to examine the access token of an authenticated network client principal and determine if claim information is present. If claims are not present the file server will then use the Kerberos S4U2Self feature to attempt to contact a Windows Server 2012 domain controller in the client's account domain, and obtain a claims-enabled access token for the client principal. A claims-enabled token may be needed to access files or folders which have claim-based access control policy applied. If this setting is disabled, the Windows file server will not attempt to obtain a claim-enabled access token for the client principal. Default: Automatic.
Microsoft network client: Digitally sign communications (always) This security setting determines whether packet signing ...
Microsoft network client: Digitally sign communications (if server agrees) This security setting determines whether the SMB ...
Microsoft network client: Send unencrypted password to connect to third-party SMB servers If this security setting is enabled, ...
Microsoft network server: Amount of idle time required before suspending a session This security setting determines the amount ...
Microsoft network server: Attempt S4U2Self to obtain claim information This security setting is to support clients running ...
Microsoft network server: Digitally sign communications (always) This security setting determines whether packet signing ...
Microsoft network server: Digitally sign communications (if client agrees) This security setting determines whether the SMB ...
Microsoft network server: Disconnect clients when logon hours expire This security setting determines whether to disconnect ...
Microsoft network server: Server SPN target name validation level This policy setting controls the level of validation a ...