Policy

Enable Delegated Managed Service Account logons

This policy setting enables or disables delegated managed service account logons for this machine. If you enable this policy setting, delegated managed service account logons will be supported by the Kerberos client. Note that this policy has certain prerequites. The prerequisites and the directions to create a new delegated managed service account can be found at https://go.microsoft.com/fwlink/?linkid=2250379. If you disable or do not configure this policy setting, delegated managed service account logons will not be supported.

Policy
PackMicrosoft Windows
CategorySystem / Kerberos
Policy IDad7632f4067b
Internal nameDelegatedMSAEnabled

Registry

Copy registry mappings

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DelegatedMSAEnabled (enabled) = 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DelegatedMSAEnabled (disabled) = 0
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\DmsaRealms

Policy notes

This policy setting enables or disables delegated managed service account logons for this machine. If you enable this policy setting, delegated managed service account logons will be supported by the Kerberos client. Note that this policy has certain prerequites. The prerequisites and the directions to create a new delegated managed service account can be found at https://go.microsoft.com/fwlink/?linkid=2250379. If you disable or do not configure this policy setting, delegated managed service account logons will not be supported.

Related policies