Servers

    Thank you for downloading

    • Tokensz

      If your download does not start after 30 seconds, Click here
        • Examples of Kerberos Token Size in Use
          Example 1: Incomplete context
          To determine the maximum Kerberos token size using incomplete context:

          • Type the following at the command line:

          tokensz /compute_tokensize /package:negotiate /use_delegation /target_server:host/server1

          • When you press ENTER, the following output is displayed:

          Name: Negotiate Comment: Microsoft Package Negotiator

          Current PackageInfo->MaxToken: 12128

          MaxTokenSize (incomplete context): 2181


          In this example:

          MaxTokenSize (incomplete context) indicates that the protocol could not perform all legs of authentication. In this case, (incomplete context) was returned because the server was specified as server 1, but the test was run under the user account. However, this is still a reasonable estimation of the maximum token size required for this user to authenticate to server 1.

          Example 2: Administrator account to server host with delegation requested
          To determine the maximum Kerberos token size for administrator to the host server 1:

          • Type the following at the command line:

          tokensz /compute_tokensize /package:negotiate /target_server:host/server1 /
          user:administrator /password:ClientPassword /domain:UserDomain /use_delegation

          • When you press ENTER, the following output is displayed:

          Name: Negotiate Comment: Microsoft Package Negotiator

          Current PackageInfo->MaxToken: 12128

          Asked for delegate, but didn't get it

          Check if server is trusted for delegation.

          QueryKeyInfo:

          Signature algorithm =

          Encrypt algorithm = RSADSI RC4-HMAC

          KeySize = 128

          Flags = 2081e

          Signature Algorithm = -138

          Encrypt Algorithm = 23

          Start:4/2/2003 5:54:19

          Expiry:4/2/2003 6:54:19

          Current Time: 4/2/2003 5:54:19

          MaxToken (complete context) 1375


          In this example:

          • Asked for delegate, but didn’t get it indicates that delegation was not used. This happens if the target server is not trusted for delegation, or if the user account has the Account is sensitive and cannot be delegated option selected.

          • MaxToken (complete context) indicates that all authentication legs have been completed, and that this is a reliable value for maximum token size for server 1.


          Example 3: Using /calc_groups
          To calculate group membership for user 1:

          • Type the following at the command line:

          tokensz /calc_groups user1


          When you press ENTER, the tool returns a list of Kerberos token contents. In this example, the following output is displayed:

          Username = user1

          TS Session ID: 0

          User

          S-1-5-21-148402017-3776891892-3157626230-1945

          Groups:

          00 S-1-5-21-148402017-3776891892-3157626230-513 Attributes - Mandatory Default Enabled

          01 S-1-1-0 Attributes - Mandatory Default Enabled

          02 S-1-5-32-545 Attributes - Mandatory Default Enabled

          03 S-1-5-32-554 Attributes - Mandatory Default Enabled

          04 S-1-5-2 Attributes - Mandatory Default Enabled

          05 S-1-5-11 Attributes - Mandatory Default Enabled

          06 S-1-5-15 Attributes - Mandatory Default Enabled

          07 S-1-5-5-0-17077419 Attributes - Mandatory Default Enabled LogonId

          Primary Group:

          S-1-5-21-148402017-3776891892-3157626230-513

          Privs

          00 0x000000017 SeChangeNotifyPrivilege Attributes - Enabled Default

          01 0x000000006 SeUnsolicitedInputPrivilege Attributes - Enabled Default

          Auth ID 0:10494b4

          Impersonation Level: Identification

          TokenType Impersonation

    Popular downloads

    Loading your results, please wait...

    Free PC updates

    • Security patches
    • Software updates
    • Service packs
    • Hardware drivers

    Microsoft suggests

    Download a free trial of Windows Server 2012 R2.
    Windows Server 2012 R2 free trial
    Experience the new and enhanced capabilities.
    Free trial