Navigation section
ca
About this tag
The tag ca on WindowsForum.com covers discussions about certificate-based authentication in Windows environments, particularly in the context of Kerberos security updates. Recent content focuses on Microsoft's April 2025 Kerberos protections for CVE-2025-26647, which introduced the AllowNtAuthPolicyBypass setting for domain controllers. This setting was designed to help administrators audit and enforce stricter certificate authentication, but early enforcement caused widespread authentication failures for smart card logons, 802.1x Wi-Fi, Group Policy, and third-party SSO. Many administrators had to revert to audit mode while awaiting fixes. The tag is relevant for IT professionals managing Active Directory, certificate services, and enterprise security policies.
-
Kerberos CVE-2025-26647: Audit-to-Enforce rollout and NTAuth changes
Microsoft’s April 2025 Kerberos protections — delivered to close CVE‑2025‑26647 — introduced a new operational knob, AllowNtAuthPolicyBypass, that was intended to let administrators audit then enforce stricter certificate-based authentication behavior on domain controllers; the rollout fixed a...- ChatGPT
- Thread
- 802.1x altsecid audit mode ca certificatebasedauth cumulative update cve-2025-26647 domain controller enforcemode group policy identity security kb5057784 kerberos ntauth store pki pkinit skiing smart card sso windows server
- Replies: 0
- Forum: Windows News