ksetup addrealmflagsksetup addrealmflags

将其他领域标志添加到指定领域。Adds additional realm flags to the specified realm.


ksetup /addrealmflags <realmname> [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4]


参数Parameter 说明Description
<realmname> 指定大写的 DNS 名称,例如 CORP。CONTOSO.COM。Specifies the uppercase DNS name, such as CORP.CONTOSO.COM.


  • 领域标志指定了不基于 Windows Server 操作系统的 Kerberos 领域的其他功能。The realm flags specify additional features of a Kerberos realm that aren't based on the Windows Server operating system. 运行 Windows Server 的计算机可以使用 Kerberos 服务器来管理 Kerberos 领域中的身份验证,而不是使用运行 Windows Server 操作系统的域。Computers that are running Windows Server, can use a Kerberos server to administer authentication in the Kerberos realm, instead of using a domain running a Windows Server operating system. 此条目将建立领域的功能,如下所示:This entry establishes the features of the realm, and are as follows:
“值”Value 领域标志Realm flag 说明Description
0xF0xF AllAll 设置所有领域标志。All realm flags are set.
0x000x00 None 未设置领域标志,并且未启用任何其他功能。No realm flags are set, and no additional features are enabled.
0x010x01 sendaddresssendaddress 此 IP 地址将包含在票证授予票证中。The IP address will be included within the ticket-granting tickets.
0x020x02 tcpsupportedtcpsupported 传输控制协议 (TCP) 和用户数据报协议 (UDP) 在此领域中受支持。Both the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) are supported in this realm.
0x040x04 delegatedelegate 此领域中的每个人都受信任,可用于委派。Everyone in this realm is trusted for delegation.
0x080x08 ncsupportedncsupported 此领域支持名称规范化,这允许 DNS 和领域的命名标准。This realm supports name canonicalization, which allows for DNS and Realm naming standards.
0x800x80 rc4rc4 此领域支持 RC4 加密以启用跨领域信任,这允许使用 TLS。This realm supports RC4 encryption to enable cross-realm trust, which allows for the use of TLS.
  • 领域标志存储在下的注册表中 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\<realmname>Realm flags are stored in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\<realmname>. 默认情况下,注册表中不存在此项。This entry doesn't exist in the registry by default. 可以使用 ksetup addrealmflags 命令填充注册表。You can use the ksetup addrealmflags command to populate the registry.

  • 可以通过查看 ksetup 或的输出来查看可用的和设置领域标志 ksetup /dumpstateYou can see the available and set realm flags by viewing the output of ksetup or ksetup /dumpstate.


若要列出领域 CONTOSO 的可用领域标志,请键入:To list the available realm flags for the realm CONTOSO, type:

ksetup /listrealmflags

若要将两个标志设置为 CONTOSO 领域,请键入:To set two flags to the CONTOSO realm, type:

ksetup /setrealmflags CONTOSO ncsupported delegate

若要添加一个当前不在该集中的标记,请键入:To add one more flag that is not currently in the set, type:

ksetup /addrealmflags CONTOSO SendAddress

若要验证是否已设置领域标志,请键入, ksetup 然后查看输出,查找文本 " 领域标志 ="。To verify the realm flag is set, type ksetup and then view the output, looking for the text, Realm flags =. 如果看不到文本,则表示尚未设置该标志。If you don't see the text, it means that the flag hasn't been set.

其他参考Additional References