Disable Kernel-mode authentication

If the IIS application pool serving the web site is running under a machine account, this chapter can be skipped.

The IIS Kernel-mode authentication feature has been introduced in IIS 7.0 to speed up the authentication process. It must be disabled for web sites served by service users.

Chapter-related warnings

HIGH – Kerberos authentication fails

  • Disable Kernel-mode authentication for IIS web sites served by service users.
  • There is no action required for IIS versions older than 7.0.