TipHKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\
The UserList subkey stores entries that associate a Kerberos security principal to a local Windows 2000 user account.
Computers running Windows 2000 can use a non-Windows Kerberos server to administer authentication, instead of using a Windows 2000 domain for Kerberos authentication. For ease of use, the system lets you map a Kerberos security principal, such as the name of a principal or a realm, to a local Windows user account.
This subkey stores mappings you enter when you use the
All entries in this subkey have the following format, where * indicates all users.
| Kerberos-name or * | REG_SZ | Local-name or * |
For example, if you enter the following mapping command in Ksetup:
ksetup /mapuser
user@domain.reskit.com Guest
then Ksetup adds the following entry to the UserList subkey:
| user@domain.reskit.com | REG_SZ | Guest |
To change the value of this entries in this subkey, use Kerberos Setup (Ksetup.exe), a tool included in Windows 2000 Support Tools. Do not edit the registry.
Tip
For more information about KSetup.exe, see Tools Help in the Windows 2000 Support Tools. For more information about Kerberos interoperability features, see MIT Kerberos v5 (krb5 1.0) Interoperability on the Windows 2000 Server Security Services Web site.