deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-27 20:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Bug# 7673920

Browse Source
This commit is contained in:
Brian Lich 2016-05-26 10:00:04 -07:00
parent bdd179da26
commit 1be0b4969c
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/keep-secure/credential-guard.md
View File

@ -239,6 +239,10 @@ You can use System Information to ensure that Credential Guard is running on a P
- Credentials saved by Remote Desktop Services cannot be used to remotely connect to another machine without supplying the password.
- Applications that extract derived domain credentials from Credential Manager will no longer be able to use those credentials.
- You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials.
### Kerberos Considerations
When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead.
## Scenarios not protected by Credential Guard