Disable Extended Protection for Authentication
In Windows 7 adding the reg key SuppressExtendedProtection does not appear to disable Extended Protection for Authentication. Can anyone tell me how to disable this in Windows 7? It break SSO for SAP.http://www.microsoft.com/technet/security/advisory/973811.mspxJohn Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
October 20th, 2009 5:58pm

Hi John, The link above is applied to Windows XP, Windows Vista and Windows 2003. The Extended Protection for Authentication is built-in and also turned on by default in Windows 7.Microsoft noticed this issue and will publish an article with a workaound for this scenario. Please wait it. Thank you for your understanding. Hope it helps.
Free Windows Admin Tool Kit Click here and download it now
October 21st, 2009 6:50am

Yea I realized that article wasn't for WIn 7. So there is an article forthcoming? Can you (or someone else) please notify me somehow when this workaruond is published?John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
October 21st, 2009 3:17pm

Great, we've met the same problem for our Java application (Kerberos authentication not working for Windows 7 clients). Notify me please too. Thanks.
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2009 4:51am

Hi all, Yes, according to my known, this article will be publiced soon. We are planning to create a thread with all Windows 7 KBs. You can find it in future. Thanks.
October 22nd, 2009 9:58am

Has this thread arrived yet? Anxiously waiting...
Free Windows Admin Tool Kit Click here and download it now
November 4th, 2009 11:44pm

As am I. John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
November 5th, 2009 3:47am

Any response or feedback from Microsoft? Setting SuppressExtendedProtection to 2 (or 3) works in our Win7 environment, but not in the customer's. From Microsoft Support in Feb 2010, no word on Win7 issues http://support.microsoft.com/kb/976918
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2010 12:49am

Any responses yet? I'm very interested to get an answer.
April 15th, 2010 4:29am

Any responses yet? I'm very interested to get an answer.
Free Windows Admin Tool Kit Click here and download it now
April 15th, 2010 4:29am

As people pointed out previously, extened protection breaks SSO. So I had to turn off extended protection, but I can't ask my customers do same thing since it is weaking security. Any workarounds came out from Microsoft?Gina Choi
June 23rd, 2011 12:55pm

It's not a MS problem. It's a vendor problem. MS enable this feature for advanced security but the vendor app does not support it so it has to be disabled. "For failures where non-Windows NTLM or Kerberos servers are failing when receiving CBT, check with the vendor for a version which handles CBT correctly. For failures where non-Windows NTLM servers or proxy servers require LMv2, check with the vendor for a version which supports NTLMv2"John Marcum | http://myitforum.com/cs2/blogs/jmarcum/|
Free Windows Admin Tool Kit Click here and download it now
June 23rd, 2011 3:44pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics