Unsupported Windows Server 2012 features

Windows Server 2012 includes support for claims, compound authentication, and Kerberos armoring. The core Centrify agent for Windows does not provide support for these advanced authentication features. To take full advantage of these advanced authentication services, however, requires you to make the following changes to your environment:

  • Deploy Dynamic Access Control.
  • Upgrade all of your domain controllers and application servers to Windows Server 2012 or later.
  • Upgrade all of your workstations to Windows 8 or later.
  • Raise the domain functional level to Windows Server 2012.

If you have a mixed environment that includes Windows 7 and Windows 8 or later workstations and Windows Server 2008 or Windows Server 2008 R2 domain controllers, you can configure the administrative template for claims, compound authentication, and Kerberos armoring to use the Not supported option (default).

To use the Supported configuration option, you must deploy Dynamic Access Control, configure Windows 8 and later client-side support for claims, compound authentication and Kerberos armoring, and ensure you have domain controllers running Windows Server 2012 to handle the authentication requests for those computers. You should not install the Centrify agent for Windows on any computers configured to support claims, compound authentication and Kerberos armoring to prevent authentication failures.

In addition, Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service does not provide any specific support for authenticating access to Server Message Block 3.0 (SMB3.0) file shares that are supported in Windows Server 2012. The SMB protocol operates as an application layer for providing shared access to computers, printers, and other devices. This protocol has been extended to provide shared access to virtual machines and SQL user databases.