I have a base understanding of how Kerberos works in an Active Directory environment and the methods it uses to authenticate users and workstations onto the network, but my question is.. since Kerberos relies on issuing a security token that the end user then uses to access network resources, how are systems (laptops) not on the domain able to access the same network resources using only the username and password of an active directory user?
I guess it would make more sense if just using the user credentials, Kerberos generates a security token and issues it to the system, but it seems like there should be more security there to prevent a nondomain system from accessing network resources.
If anyone could enlighten me, I'd appreciate it!
Best Answer
NTLM is used in this case...
http://msdn.microsoft.com/en-us/library/windows/desktop/aa378749(v=vs.85).aspx
http://en.wikipedia.org/wiki/NTLM