Event details

Join us for our March 9 “Ask Microsoft Anything” chat about Windows Server updates and upgrades. We’ll cover your questions on how to stay more secure by upgrading older servers (2008 and 2012 versio...
EricStarker
Updated Mar 09, 2023
windows server
Cliff_Fisher's avatar
Cliff_Fisher
Icon for Microsoft rankMicrosoft
Mar 09, 2023
I don't believe this would be possible due to various tamper protections, but either way, this is absolutely not supported by Microsoft.
MattTheSysAdmin's avatar
MattTheSysAdmin
Brass Contributor
Mar 09, 2023
Thanks Cliff. Any chance you have references to these tamper protections?
  • Cliff_Fisher's avatar
    Cliff_Fisher
    Icon for Microsoft rankMicrosoft
    Mar 09, 2023
    I'd have to have a member of the Kerberos team answer this question, but I'd say two things: Check out the Kerberos protocol docs on MSDN, and consider that to do this, you'd effectively be creating a man-in-the-middle downgrade attack intentionally in your own environment. What's to prevent an attacker with an internal foothold from leveraging this to own the rest of your environment? You'd be opening the environment to tons of liability.