I have AD LDS installed on a domain joined server (2012 R2). By default, the instance allows AD LDS principal authentication, Windows principal (AD or local) authentication and, optionally, AD LDS proxy authentication. I want to configure proxy authentication, which is well documented, but I also want to prevent any Windows principal authentication. I can find no documentation on restricting those login mechanisms.
Could anyone point me in the right dire