ksetup.exe and Server 2008
Hi, bit of an essay here but best to explain the situation out before asking the question.
I'm using ksetup in Server 2003 in my environment to limit communications between servers in a less trusted zone and DCs in a more trusted environment. Basically, using ksetup, I am able to limit ports from the untrusted server to the DCs to Kerberos alone, and can use domain accounts to log in. Obviously I don't get the benefits of Group Policy and the like, but for the purposes of the untrusted server, it's okay in this case.
Basically, the procedure is:
Create a user (not computer) account for the untrusted server (untrusted.example.com) in the domain (EXAMPLE.COM), and give it an SPN of 'host/untrusted.example.com'. Also, set its password to 'secretcomputerpassword'.
Create a domain account, 'domainuser', in EXAMPLE.COM.
On the untrusted server, which has no DNS servers defined, add this entry to the C:\Windows\System32\drivers\etc\hosts file:
<ip address of DC> kdc.example.com
And then run these commands (on the untrusted server):
net user localuser /add
ksetup /setrealm EXAMPLE.COM
ksetup /addkdc EXAMPLE.COM kdc.example.com
ksetup /setcomputerpassword secretcomputerpassword
ksetup /mapuser domainuser@EXAMPLE.COM localuser
Then I reboot the untrusted server. When it's come back up, I am able to log in to it (after granting localuser appropriate logon rights) using the account domainuser@EXAMPLE.COM and its password.
This is great, but when I try and do the same thing in Server 2008, although I can log in, it takes about 2 or 3 minutes while the screen sits at 'Applying User Settings'. Local user accounts can log in virtually instantaneously. If I look in the Application event log, I see two errors:
The winlogon notification subscriber is taking long time to handle the notification event (winlogon).
and
The winlogon notification subscriber took 120 second(s) to handle the notification event (winlogon).
The nearest matches I can find searching the Web talk about setting TCP autotuning levels to disabled, but these have not made any difference. Any ideas? Thanks in advance.
October 26th, 2007 6:29am
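A check for the port restriction described in the post, added here as an example and not part of the original post: run from the untrusted server, it confirms that the DC answers on Kerberos (88/tcp) and that other common domain-controller services are filtered. The port policy table and the names `tcp_probe` and `audit` are assumptions made for this example; only TCP is tested, so Kerberos over 88/udp is not covered.

```python
import socket
import sys

# Assumed policy for this example: only Kerberos may be reachable from the
# untrusted zone; the other well-known DC services should be filtered.
ALLOWED = {88: "kerberos"}
DENIED = {53: "dns", 135: "rpc-endpoint-mapper", 389: "ldap", 445: "smb",
          464: "kpasswd", 636: "ldaps", 3268: "global-catalog"}


def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolvable
        return False


def audit(host, probe=tcp_probe):
    """Compare reachable ports with the policy; return (port, name, finding) tuples."""
    findings = []
    for port, name in sorted({**ALLOWED, **DENIED}.items()):
        reachable = probe(host, port)
        if port in ALLOWED and not reachable:
            findings.append((port, name, "blocked but required"))
        elif port in DENIED and reachable:
            findings.append((port, name, "reachable but should be filtered"))
    return findings


if __name__ == "__main__":
    # kdc.example.com is the hosts-file name used in the post.
    target = sys.argv[1] if len(sys.argv) > 1 else "kdc.example.com"
    problems = audit(target)
    for port, name, finding in problems:
        print(f"{port}/tcp {name}: {finding}")
    sys.exit(1 if problems else 0)
```

An empty result and exit code 0 mean the TCP view from the untrusted server matches the assumed policy.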


