From 7e88988f3da604b275e8ef96f76350fa185a98f4 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 25 Mar 2019 12:06:27 +0200 Subject: [PATCH] defined credentials https://github.com/MicrosoftDocs/windows-itpro-docs/issues/1240 --- .../security/identity-protection/remote-credential-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index d4040d63f5..b57634a153 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -89,7 +89,7 @@ To use Windows Defender Remote Credential Guard, the Remote Desktop client and r The Remote Desktop client device: -- Must be running at least Windows 10, version 1703 to be able to supply credentials. +- Must be running at least Windows 10, version 1703 to be able to supply credentials (hash and TGT). - Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in credentials. This requires the user’s account be able to sign in to both the client device and the remote host. - Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard. - Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk. @@ -176,4 +176,4 @@ mstsc.exe /remoteGuard - No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own. -- The server and client must authenticate using Kerberos. \ No newline at end of file +- The server and client must authenticate using Kerberos.