Allowed-To-Authenticate extended right

The control access right controls who can authenticate to a particular computer or service. It basically lives on computer, user, and InetOrgPerson objects. It is also applicable on the domain object if access is allowed for the entire domain. It can be applied to OUs to permit users to be able to set inheritable ACEs on OUs that contain a set of user or computer objects.

CN Allowed-To-Authenticate
Display-Name Allowed to Authenticate
Rights-GUID 68b1d179-0d15-4d4f-ab71-46152e79a7bc

Implementations

Windows Server 2003

Applies-To Computer
User
inetOrgPerson
Localization-Display-ID 65

Windows Server 2003 R2

Applies-To Computer
User
inetOrgPerson
Localization-Display-ID 65

Windows Server 2008

Applies-To Computer
User
inetOrgPerson
Localization-Display-ID 65

Windows Server 2008 R2

Applies-To Computer
ms-DS-Managed-Service-Account
User
inetOrgPerson
Localization-Display-ID 65

Windows Server 2012

Applies-To Computer
ms-DS-Managed-Service-Account
User
inetOrgPerson
Localization-Display-ID 65