Disable Extended Protection for Authentication
In Windows 7 adding the reg key SuppressExtendedProtection does not appear to disable Extended Protection for Authentication. Can anyone tell me how to disable this in Windows 7? It break SSO for SAP.http://www.microsoft.com/technet/security/advisory/973811.mspxJohn Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
October 20th, 2009 5:58pm

Hi John, The link above is applied to Windows XP, Windows Vista and Windows 2003. The Extended Protection for Authentication is built-in and also turned on by default in Windows 7.Microsoft noticed this issue and will publish an article with a workaound for this scenario. Please wait it. Thank you for your understanding. Hope it helps.
Free Windows Admin Tool Kit Click here and download it now
October 21st, 2009 6:50am

Yea I realized that article wasn't for WIn 7. So there is an article forthcoming? Can you (or someone else) please notify me somehow when this workaruond is published?John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
October 21st, 2009 3:17pm

Great, we've met the same problem for our Java application (Kerberos authentication not working for Windows 7 clients). Notify me please too. Thanks.
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2009 4:51am

Hi all, Yes, according to my known, this article will be publiced soon. We are planning to create a thread with all Windows 7 KBs. You can find it in future. Thanks.
October 22nd, 2009 9:58am

Has this thread arrived yet? Anxiously waiting...
Free Windows Admin Tool Kit Click here and download it now
November 4th, 2009 11:44pm

As am I. John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
November 5th, 2009 3:47am

Any response or feedback from Microsoft? Setting SuppressExtendedProtection to 2 (or 3) works in our Win7 environment, but not in the customer's. From Microsoft Support in Feb 2010, no word on Win7 issues http://support.microsoft.com/kb/976918
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2010 12:49am

Any responses yet? I'm very interested to get an answer.
April 15th, 2010 4:29am

As people pointed out previously, extened protection breaks SSO. So I had to turn off extended protection, but I can't ask my customers do same thing since it is weaking security. Any workarounds came out from Microsoft?Gina Choi
Free Windows Admin Tool Kit Click here and download it now
June 23rd, 2011 7:49pm

It's not a MS problem. It's a vendor problem. MS enable this feature for advanced security but the vendor app does not support it so it has to be disabled. "For failures where non-Windows NTLM or Kerberos servers are failing when receiving CBT, check with the vendor for a version which handles CBT correctly. For failures where non-Windows NTLM servers or proxy servers require LMv2, check with the vendor for a version which supports NTLMv2"John Marcum | http://myitforum.com/cs2/blogs/jmarcum/|
June 23rd, 2011 10:38pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics