CLASS MACHINE
 
CATEGORY !!KRB_PARAMS
 
KEYNAME "SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters"
 
POLICY !!SET_MAXPACKETSIZE
EXPLAIN !!MAXPACKETSIZE_HELP
PART !!MAXPACKETSIZE NUMERIC REQUIRED
VALUENAME "MaxPacketSize"
MIN 1 MAX 2000 DEFAULT 2000
END PART
 
PART !!MAXPACKETSIZE_TIP TEXT
END PART
END POLICY
 
POLICY !!LOGLEVEL
EXPLAIN !!LOGLEVEL_HELP
VALUENAME "LogLevel"
END POLICY

POLICY !!SET_MAXTOKENSIZE
EXPLAIN !!MAXTOKENSIZE_HELP
PART !!MAXTOKENSIZE NUMERIC REQUIRED
VALUENAME "MaxTokenSize"
MIN 12000 MAX 65535 DEFAULT 65535
END PART
END POLICY

END CATEGORY
 
[strings]
KRB_PARAMS="Kerberos Parameters"
SET_MAXPACKETSIZE="Set MaxPacketSize"
MAXPACKETSIZE_HELP="The Windows 2000 Kerberos Authentication package is\n
the default in Windows 2000. It coexists with challenge/response (NTLM)\n
and is used in instances in which both a client and server can negotiate\n
Kerberos. Request for Comments (RFC) 1510 states that when a client\n
contacts the Key Distribution Center (KDC), it should send a User\n
Datagram Protocol (UDP) datagram to port 88 at the KDC's IP address.\n 
The KDC should  respond with a reply datagram to the sending port at the\n
sender's IP  address.\n\nWindows 2000, by default, uses UDP when the data\n
can be fit in  packets under 2,000 bytes. Any data above this value uses\n
TCP to carry the packets. The value of 2,000 bytes is configurable via\n
this policy."
MAXPACKETSIZE="Bytes: "
MAXPACKETSIZE_TIP="Range is from 1 to 2000. Use 1 to force Kerberos to 
use TCP." 
LOGLEVEL="Kerberos Event Logging"
LOGLEVEL_HELP="Windows 2000 offers the capability of tracing detailed 
Kerberos events through the event log mechanism. You can use this 
information when you troubleshoot Kerberos. 
All Kerberos errors are logged to the System log."
SET_MAXTOKENSIZE="MaxTokenSize"
MAXTOKENSIZE="MaxTokenSize"
MAXTOKENSIZE_HELP="setzt die maximale Tokenpuffergroesse fest.\n
Dies ist kritisch bei Benutzern mit vielen Gruppenmitgliedschaften(>1015) und SQL-Serverbenutzern. / borwinius 2008"