I'm desperately looking for proof that there is a genuine Microsoft restriction on AD Domain users who are members of the local Administrators group with UAC enabled not having access to the Kerberos TGT Session Key. I have SSO implemented in Java using Kerberos for my application, but we have recently faced the problem in Windows 7 that Administrator users with UAC enabled fail to login automatically via SSO because of the Kerberos TGT restriction.
I have both Client and Server implemented in java and we are using GSS and Kerberos on the client side for SSO. Is there a way to obtain a Service Ticket from Kerberos in this scenario.
Thank you in advance.