Disable CNAME lookup when negotiating Kerberos authentication

Setting the policy to Enabled skips CNAME lookup. The server name is used as entered when generating the Kerberos SPN.

Setting the policy to Disabled or leaving it unset means CNAME lookup determines the canonical name of the server when generating the Kerberos SPN.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Registry PathSoftware\Policies\Google\ChromeOS
Value NameDisableAuthNegotiateCnameLookup
Enabled Value1
Disabled Value0


Administrative Templates (Computers)

Administrative Templates (Users)