This security setting determines whether the Kerberos V5 Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the user account. Validation of each request for a session ticket is optional, because the extra step takes time and it may slow network access to services.
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
clients will get the new setting after a maximum of 8 hours but for DCs to assign these new settings a Gpupdate /force is required or waiting for the usual 5 minutes when the SCE engine assigns all modified settings.
At least Windows XP SP2, Windows Server 2003
Kerberos Policy security settings are not registry keys.