Microsoft KB Archive/938118

= How to use Group Policy to add the MaxTokenSize registry entry to multiple computers on a domain controller that is running Windows Server 2003 or that is running Windows 2000 =

Article ID: 938118

Article Last Modified on 7/20/2007


APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server




INTRODUCTION
On a domain controller that is running Microsoft Windows 2000 or that is running Microsoft Windows Server 2003, you can use Group Policy to add the following registry entry to multiple computers:

Key:

Entry: MaxTokenSize

Data type: REG_DWORD

Value: 65535

This article describes how to do this.



MORE INFORMATION
To use Group Policy to add the registry entry to multiple computers, follow these steps:

 1. Start Notepad.
 2. Copy the following text, and then paste the text into Notepad.

    CLASS MACHINE

    CATEGORY !!KERB

      KEYNAME "SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters"
      POLICY !!MaxToken
        VALUENAME "MaxTokenSize"
        VALUEON NUMERIC 65535
        VALUEOFF NUMERIC 0
      END POLICY

    END CATEGORY

    [strings]
    KERB="Kerberos Maximum Token Size"
    MaxToken="Kerberos MaxTokenSize"

 3. Save the Notepad document as MaxTokenSize.adm in the %windir%\Inf\ folder on the domain controller.
 4. Exit Notepad.
 5. Create a new Group Policy object (GPO) that is linked at the domain level or that is linked to the organizational unit (OU).

    Note The OU contains the computers to which you want to add the registry entry.
 6. Open Group Policy Object Editor. To do this, click Start, click Run, type gpedit.msc, and then click OK.
 7. In the console tree, expand Computer Configuration, expand Administrative Templates, and then click Administrative Templates.
 8. On the Action menu, point to All Tasks, and then click Add/Remove Templates.
 9. Click Add.
 10. Click to select the MaxTokenSize.adm file that you created in step 3, and then click Open.
 11. Click Close.
 12. On a Windows 2000-based domain controller, click to clear Show Policies Only on the View menu.

     On a Windows Server 2003-based domain controller, follow these steps:
      a. On the View menu, click Filtering.
      b. Click to clear the Only show policy settings that can be fully managed check box, and then click OK.
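A pre-flight check for the template text in step 2, added here as an example (it is not part of the original article or any Microsoft tooling): it parses the .adm text, confirms that each !! reference has a [strings] entry and that each block is closed, and reports the registry write the policy produces. The name check_adm and the single-policy scope of the parser are assumptions of this example.

```python
import re

# Template text copied from step 2, embedded so the check runs offline.
ADM = r'''CLASS MACHINE

CATEGORY !!KERB

  KEYNAME "SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters"
  POLICY !!MaxToken
    VALUENAME "MaxTokenSize"
    VALUEON NUMERIC 65535
    VALUEOFF NUMERIC 0
  END POLICY

END CATEGORY

[strings]
KERB="Kerberos Maximum Token Size"
MaxToken="Kerberos MaxTokenSize"
'''

# Registry prefixes that Group Policy treats as fully managed policy locations.
MANAGED = ("software\\policies\\", "software\\microsoft\\windows\\currentversion\\policies\\")

def check_adm(text):
    """Return (summary, problems) for a single-policy ADM template (hypothetical helper)."""
    body, _, strings_part = text.partition("[strings]")
    strings = dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', strings_part, re.M))
    # Every !!name used in the template body must be defined under [strings].
    problems = [f"!!{ref} has no entry under [strings]"
                for ref in re.findall(r"!!(\w+)", body) if ref not in strings]
    for block in ("CATEGORY", "POLICY"):  # each block needs a matching END line
        opens = len(re.findall(rf"^\s*{block}\b", body, re.M))
        closes = len(re.findall(rf"^\s*END\s+{block}\b", body, re.M))
        if opens != closes:
            problems.append(f"{opens} {block} but {closes} END {block}")
    def field(name):  # first "<name> [NUMERIC] value" line, quotes stripped
        m = re.search(rf'^\s*{name}\s+(?:NUMERIC\s+)?"?([^"\r\n]+)"?\s*$', body, re.M)
        return m.group(1).strip() if m else None
    key = field("KEYNAME")
    summary = {
        "hive": "HKLM" if field("CLASS") == "MACHINE" else "HKCU",
        "key": key,
        "value": field("VALUENAME"),
        "enabled": int(field("VALUEON") or 0),    # data written when set to Enabled
        "disabled": int(field("VALUEOFF") or 0),  # data written when set to Disabled
        "managed": bool(key) and key.lower().startswith(MANAGED),
    }
    return summary, problems
```

For this template the summary reports `managed` as False, which is why step 12 has to clear the filter before the setting is shown, and `disabled` as 0, the data written to MaxTokenSize if the policy is set to Disabled rather than Not Configured.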

<div class="references_section">