Event details

Join us for our March 9 “Ask Microsoft Anything” chat about Windows Server updates and upgrades. We’ll cover your questions on how to stay more secure by upgrading older servers (2008 and 2012 versio...
EricStarker
Updated Mar 09, 2023
windows server
Keith_Hoffman's avatar
Keith_Hoffman
Former Employee
Mar 09, 2023
any legacy systems you cannot immediately upgrade 3. Place any legacy systems you cannot immediately upgrade into their own domain structure The hardening included in the November update is there to help our customers be more secure as we know RC4 and DES are easily compromised. So along the lines of keeping things as secure/safe as possible, we would not recommend doing *anything* to try to work around the hardening. So while the Kerberos proxy idea is innovative it is not something we would recommend doing. You'd be better off spending those resources trying to upgrade those 2003 boxes.
Keith_Hoffman's avatar
Keith_Hoffman
Former Employee
Mar 09, 2023
Our recommendations in this case would be to: 1. Upgrade your legacy Server 2003 systems to a supported OS that is still getting security updates 2. Air gap any legacy systems you cannot immediately upgrade 3. Place any legacy systems you cannot immediately upgrade into their own domain structure The hardening included in the November update is there to help our customers be more secure as we know RC4 and DES are easily compromised. So along the lines of keeping things as secure/safe as possible, we would not recommend doing *anything* to try to work around the hardening. So while the Kerberos proxy idea is innovative it is not something we would recommend doing. You'd be better off spending those resources trying to upgrade those 2003 boxes.