What does kerberos actually encrypt in AD

Robbo777

With regards to kerberos, i know the whole procedure of granting tickets with the TGS and TGT's but i'm actually still left wondering...

What kerbrous actually encrypts besides using tickets for services. Does it encrypt a whole users session or DC replication?

Where do i activate the feature in group policy to use kerberos?? I'm still not sure

There are options in the accounts section of a user to use kerbrous 128bit, they're unchecked though by default. Is this for encrypting a users session

OctalDump

IT encrypts only the Kerberos traffics. You can use Kerberos as part of initiating IPSec tunnels. Kerberos handles the "who are you, what can you do" and other systems then take care of the rest. Kerberos basically determines whether the two systems will trust each other to talk, but not whether when they talk that it is encrypted or how.

What data is encrypted, and how, usually depends largely on the application itself. Many applications will use TLS/SSL to create that secure session tunnel. A lot more traffic will just be unencrypted. If you want all net traffic encrypted, then IPSec is the way to go.