title | description | ms.date |
---|---|---|
ADMX_CredUI Policy CSP | Learn more about the ADMX_CredUI Area in Policy CSP. | 08/06/2024 |
Policy CSP - ADMX_CredUI
EnableSecureCredentialPrompting
Scope | Editions | Applicable OS |
---|---|---|
✅ Device<br>❌ User | ✅ Pro<br>✅ Enterprise<br>✅ Education<br>✅ Windows SE<br>✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later<br>✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later<br>✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later<br>✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_CredUI/EnableSecureCredentialPrompting
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user's Windows credentials.
Note: This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled.
- If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism.
- If you disable or don't configure this policy setting, users will enter Windows credentials within the user's desktop session, potentially allowing malicious code access to the user's Windows credentials.
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
ADMX mapping:
Name | Value |
---|---|
Name | EnableSecureCredentialPrompting |
Friendly Name | Require trusted path for credential entry |
Location | Computer Configuration |
Path | Windows Components > Credential User Interface |
Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\CredUI |
Registry Value Name | EnableSecureCredentialPrompting |
ADMX File Name | CredUI.admx |
NoLocalPasswordResetQuestions
Scope | Editions | Applicable OS |
---|---|---|
✅ Device<br>❌ User | ✅ Pro<br>✅ Enterprise<br>✅ Education<br>✅ Windows SE<br>✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later<br>✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later<br>✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later<br>✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_CredUI/NoLocalPasswordResetQuestions
If you turn this policy setting on, local users won't be able to set up and use security questions to reset their passwords.
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
ADMX mapping:
Name | Value |
---|---|
Name | NoLocalPasswordResetQuestions |
Friendly Name | Prevent the use of security questions for local accounts |
Location | Computer Configuration |
Path | Windows Components > Credential User Interface |
Registry Key Name | Software\Policies\Microsoft\Windows\System |
Registry Value Name | NoLocalPasswordResetQuestions |
ADMX File Name | CredUI.admx |
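
As an added example (not part of the original page and not Microsoft's code), the following PowerShell reads the two registry values listed in the ADMX mapping tables above and reports the state of each policy on the local device. It assumes the values live under HKLM because both policies are located under Computer Configuration, and that an enabled policy is stored as the DWORD 1; the function name `Get-CredUIPolicyState` is hypothetical.

```powershell
# Added audit example; not code from the original page.
# Assumptions: HKLM hive (both policies are under Computer Configuration)
# and that an enabled ADMX policy is stored as DWORD 1.
$policies = @(
    [pscustomobject]@{
        Name  = 'EnableSecureCredentialPrompting'
        Key   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI'
        Value = 'EnableSecureCredentialPrompting'
    },
    [pscustomobject]@{
        Name  = 'NoLocalPasswordResetQuestions'
        Key   = 'HKLM:\Software\Policies\Microsoft\Windows\System'
        Value = 'NoLocalPasswordResetQuestions'
    }
)

function Get-CredUIPolicyState {   # hypothetical helper name
    param([Parameter(Mandatory)] $Policy)

    # A missing key or a missing value both mean "not configured".
    $raw = $null
    if (Test-Path -LiteralPath $Policy.Key) {
        $item = Get-ItemProperty -LiteralPath $Policy.Key -Name $Policy.Value -ErrorAction SilentlyContinue
        if ($null -ne $item) { $raw = $item.($Policy.Value) }
    }

    $state = if ($null -eq $raw) { 'NotConfigured' } elseif ($raw -eq 1) { 'Enabled' } else { 'Disabled' }

    [pscustomobject]@{
        Policy   = $Policy.Name
        Registry = "$($Policy.Key)\$($Policy.Value)"
        RawValue = $raw
        State    = $state
    }
}

$results = $policies | ForEach-Object { Get-CredUIPolicyState -Policy $_ }
$results | Format-Table -AutoSize

# The page recommends enabling the trusted-path policy, so warn when it is
# disabled or not configured (both leave credential entry in the user's desktop session).
$results |
    Where-Object { $_.Policy -eq 'EnableSecureCredentialPrompting' -and $_.State -ne 'Enabled' } |
    ForEach-Object { Write-Warning "$($_.Policy) is $($_.State): credential prompts are not forced onto the Secure Desktop." }
```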