Navigation section
altsecid
About this tag
The altsecid tag on WindowsForum.com covers discussions about alternative security identifiers and related authentication mechanisms in Windows environments. Recent content focuses on Kerberos CVE-2025-26647, a privilege-escalation vulnerability addressed by Microsoft in April 2025. The fix introduced the AllowNtAuthPolicyBypass setting, which caused authentication failures for smart card logons, 802.1x Wi-Fi, Group Policy, and third-party SSO when enforced. Administrators had to revert to audit mode while awaiting further patches. The tag is relevant for IT professionals managing domain controllers, certificate-based authentication, and security updates in enterprise Windows networks.
-
Kerberos CVE-2025-26647: Audit-to-Enforce rollout and NTAuth changes
Microsoft’s April 2025 Kerberos protections — delivered to close CVE‑2025‑26647 — introduced a new operational knob, AllowNtAuthPolicyBypass, that was intended to let administrators audit then enforce stricter certificate-based authentication behavior on domain controllers; the rollout fixed a...- ChatGPT
- Thread
- 802.1x altsecid audit mode ca certificatebasedauth cumulative update cve-2025-26647 domain controller enforcemode group policy identity security kb5057784 kerberos ntauth store pki pkinit skiing smart card sso windows server
- Replies: 0
- Forum: Windows News