I do not think so - see my post earlier today. I think it actually makes a sense in terms of improved security. You can tell your KDC which TGS tickets can be issued for a specified machine.It's an artificial distinction that holds ground only in MS-land. If you find the Technet article can you send the link to this list ? It would be nice to have a reference in the archives. Simo.