ksetup.exe
- File Path:
C:\windows\system32\ksetup.exe
- Description: Kerberos Setup tool
Hashes
Type | Hash |
---|---|
MD5 | B4C763FA090D345EF24ACE7ADA0285CE |
SHA1 | 209B203B41AF29A84B4C0C1F84872B434F94E74A |
SHA256 | 80A7E82326DC311CFD9DEE9CC2BBA4E744F4E5A99BA2E298AB7DD966170F1831 |
SHA384 | 016DF03470349EDB65D0F6ECCA8D2D4AE698A8CF386762794F7BB19A0937BA91E60B621A4498A17450553C10B1D6A657 |
SHA512 | 6D6B096969E516F62C3908CB7B87762632CFBBA25FA69FEAF3C7B39F5031CCA6DAB18DC3A377FDABADAEF0959F800CCFCD8003C1DF431C8312F7838A2BF7C683 |
SSDEEP | 768:ewYDtXYI/h8vZQvrM/uwCVl46noXpdReL5No3a5BOpEe2JlKJy:KPeOSXfRZa5BOWe2qJ |
Signature
- Status: The file C:\windows\system32\ksetup.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
- Serial: ``
- Thumbprint: ``
- Issuer:
- Subject:
File Metadata
- Original Filename: ksetup.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
- Product Version: 6.3.9600.16384
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
ksetup
Performs tasks related to setting up and maintaining Kerberos protocol and the Key Distribution Center (KDC) to support Kerberos realms. Specifically, this command is used to:
-
Change the computer settings for locating Kerberos realms. In non-Microsoft, Kerberos–based implementations, this information is usually kept in the Krb5.conf file. In Windows Server operating systems, it’s kept in the registry. You can use this tool to modify these settings. These settings are used by workstations to locate Kerberos realms and by domain controllers to locate Kerberos realms for cross-realm trust relationships.
-
Initialize registry keys that the Kerberos Security Support Provider (SSP) uses to locate a KDC for the Kerberos realm, if the computer is isn’t a member of a Windows domain. After configuration, the user of a client computer running the Windows operating system can log on to accounts in the Kerberos realm.
-
Search the registry for the domain name of the user’s realm and then resolves the name to an IP address by querying a DNS server. The Kerberos protocol can use DNS to locate KDCs by using only the realm name, but it must be specially configured to do so.
Syntax
ksetup
[/setrealm <DNSdomainname>]
[/mapuser <principal> <account>]
[/addkdc <realmname> <KDCname>]
[/delkdc <realmname> <KDCname>]
[/addkpasswd <realmname> <KDCPasswordName>]
[/delkpasswd <realmname> <KDCPasswordName>]
[/server <servername>]
[/setcomputerpassword <password>]
[/removerealm <realmname>]
[/domain <domainname>]
[/changepassword <oldpassword> <newpassword>]
[/listrealmflags]
[/setrealmflags <realmname> [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4]]
[/addrealmflags <realmname> [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4]]
[/delrealmflags [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4]]
[/dumpstate]
[/addhosttorealmmap] <hostname> <realmname>]
[/delhosttorealmmap] <hostname> <realmname>]
[/setenctypeattr] <domainname> {DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-MD5 | AES128-CTS-HMAC-SHA1-96 | AES256-CTS-HMAC-SHA1-96}
[/getenctypeattr] <domainname>
[/addenctypeattr] <domainname> {DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-MD5 | AES128-CTS-HMAC-SHA1-96 | AES256-CTS-HMAC-SHA1-96}
[/delenctypeattr] <domainname>
Parameters
Parameter | Description |
---|---|
ksetup setrealm | Makes this computer a member of a Kerberos realm. |
ksetup addkdc | Defines a KDC entry for the given realm. |
ksetup delkdc | Deletes a KDC entry for the realm. |
ksetup addkpasswd | Adds a kpasswd server address for a realm. |
ksetup delkpasswd | Deletes a kpasswd server address for a realm. |
ksetup server | Allows you to specify the name of a Windows computer on which to apply the changes. |
ksetup setcomputerpassword | Sets the password for the computer’s domain account (or host principal). |
ksetup removerealm | Deletes all information for the specified realm from the registry. |
ksetup domain | Allows you to specify a domain (if the <domainname> hasn’t already been set by the /domain parameter). |
ksetup changepassword | Allows you to use the kpasswd to change the logged on user’s password. |
ksetup listrealmflags | Lists the available realm flags that ksetup can detect. |
ksetup setrealmflags | Sets realm flags for a specific realm. |
ksetup addrealmflags | Adds additional realm flags to a realm. |
ksetup delrealmflags | Deletes realm flags from a realm. |
ksetup dumpstate | Analyzes the Kerberos configuration on the given computer. Adds a host to realm mapping to the registry. |
ksetup addhosttorealmmap | Adds a registry value to map the host to the Kerberos realm. |
ksetup delhosttorealmmap | Deletes the registry value that mapped the host computer to the Kerberos realm. |
ksetup setenctypeattr | Sets one or more encryption types trust attributes for the domain. |
ksetup getenctypeattr | Gets the encryption types trust attribute for the domain. |
ksetup addenctypeattr | Adds encryption types to the encryption types trust attribute for the domain. |
ksetup delenctypeattr | Deletes the encryption types trust attribute for the domain. |
/? | Displays Help at the command prompt. |
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.