mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-29 05:37:22 +00:00
Merge pull request #6385 from MicrosoftDocs/main
Publish 03/22/2022 3:30 PM PT
This commit is contained in:
Angela Fleischmann
GitHub
commit
ecef9d2aef
@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 09/23/2021
|
ms.date: 03/22/2022
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -29,6 +29,9 @@ The credentials are placed in Credential Manager as a "\*Session" credential.
|
|||||||
A "\*Session" credential implies that it is valid for the current user session.
|
A "\*Session" credential implies that it is valid for the current user session.
|
||||||
The credentials are also cleaned up when the WiFi or VPN connection is disconnected.
|
The credentials are also cleaned up when the WiFi or VPN connection is disconnected.
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
|
> In Windows 10, version 21h2 and later, the "\*Session" credential is not visible in Credential Manager.
|
||||||
|
|
||||||
For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it.
|
For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it.
|
||||||
For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations).
|
For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations).
|
||||||
|
|
||||||
@ -93,4 +96,4 @@ Domain controllers must have appropriate KDC certificates for the client to trus
|
|||||||
Domain controllers must be using certificates based on the updated KDC certificate template Kerberos Authentication.
|
Domain controllers must be using certificates based on the updated KDC certificate template Kerberos Authentication.
|
||||||
This requires that all authenticating domain controllers run Windows Server 2016, or you'll need to enable strict KDC validation on domain controllers that run previous versions of Windows Server.
|
This requires that all authenticating domain controllers run Windows Server 2016, or you'll need to enable strict KDC validation on domain controllers that run previous versions of Windows Server.
|
||||||
|
|
||||||
For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382).
|
For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382).
|
||||||
|
|||||||
@ -14,7 +14,7 @@ author: jgeurten
|
|||||||
ms.reviewer: jsuther1974
|
ms.reviewer: jsuther1974
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.date: 11/29/2021
|
ms.date: 03/22/2022
|
||||||
ms.technology: windows-sec
|
ms.technology: windows-sec
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -26,7 +26,7 @@ In this article we explain:
|
|||||||
|
|
||||||
1. File Rule Precedence Order
|
1. File Rule Precedence Order
|
||||||
2. Adding Allow Rules
|
2. Adding Allow Rules
|
||||||
3. Singe Policy Considerations
|
3. Single Policy Considerations
|
||||||
4. Multiple Policy Considerations
|
4. Multiple Policy Considerations
|
||||||
5. Best Practices
|
5. Best Practices
|
||||||
6. Tutorial
|
6. Tutorial
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user