Creating a Computer Account for NTLM Authentication
In order to use NTLM Authentication, a computer account must be first be created.
gateway90
In order to use NTLM Authentication, a computer account must be first be created.
The following steps are performed on the Active Directory server.
The information provided here is for your convenience only. The instructions may change without notice. Refer to the Active Directory documentation for further details.
To create a computer account in the Active Directory Server
:- Start theServer Managerin the Active Directory.
- OpenActive Directory Domain ServicesunderRoles.
- Expand theActive Directory Users and Computersnode.
- Expand the specific directory (in the sample figure above, it is "l7tech.dev").
- Right-click theComputersnode to create a new computer account.
- Choose the group called "Domain Computers" in the [Member of] tab if it is not set by default. This is required before creating a computer account.
- Populate the fields in the [General] tab. TheComputer namefield is required.
To configure the delegation for the newly created computer account:
- Open the newly created computer account and select the [Delegation] tab.
- For the delegation, choose "Trust this computer for delegation to specified services only".
- For the trust, choose theUse any authentication protocoloption.
- Click [Add]. The "Add Services" dialog appears.
- Click [Users or Computers].
- From the "Search results" list, select the server on which the netlogon service is running, and click [OK].
- In Add Services, selectnetlogonunder the Service Type column, and click [OK].
- The [Delegation] tab displays the netlogon service available for the computer account.
- The final step is to create aset_password.vbs scriptusing the following template:Dim objComputer Set objComputer = GetObject("WinNT://<domain>/computer account name>$") objComputer.SetPassword "<password>" Wscript.QuitWhen this is complete, execute theset_password.vbs script.