windows-itpro-docs/windows/client-management/mdm/policy-csp-admx-credui.md
2022-08-10 18:08:08 -04:00


title description ms.author ms.localizationpriority ms.topic ms.prod ms.technology author ms.date ms.reviewer manager
Policy CSP - ADMX_CredUI Learn about the Policy CSP - ADMX_CredUI. vinpa medium article w10 windows vinaypamnani-msft 11/09/2020 aaroncz

Policy CSP - ADMX_CredUI

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.


ADMX_CredUI policies

ADMX_CredUI/EnableSecureCredentialPrompting
ADMX_CredUI/NoLocalPasswordResetQuestions

ADMX_CredUI/EnableSecureCredentialPrompting

| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |

Scope:

  • Device

This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user's Windows credentials.

Note

This policy affects non-logon authentication tasks only. As a security best practice, this policy should be enabled.

If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop through the trusted path mechanism.

If you disable or don't configure this policy setting, users will enter Windows credentials within the user's desktop session, potentially allowing malicious code access to the user's Windows credentials.

ADMX Info:

  • GP Friendly name: Require trusted path for credential entry
  • GP name: EnableSecureCredentialPrompting
  • GP path: Windows Components\Credential User Interface
  • GP ADMX file name: CredUI.admx
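
The Tip's two requirements (the `chr` format and an XML-encoded or CDATA-wrapped payload) applied to this policy, as an added example that is not part of the original page or of Microsoft's own samples. It assumes the usual device-scope Policy CSP path `./Device/Vendor/MSFT/Policy/Config/<Area>/<Policy>`, the `<enabled/>` and `<disabled/>` payloads used for ADMX-backed policies, and a minimal `Replace` command; `build_syncml` and `check_syncml` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = "SYNCML:SYNCML1.2"
# Assumed device-scope Policy CSP node for the setting documented above.
LOC_URI = "./Device/Vendor/MSFT/Policy/Config/ADMX_CredUI/EnableSecureCredentialPrompting"

def build_syncml(enable=True, use_cdata=False, cmd_id=1):
    """Return a SyncML Replace command that enables or disables the policy."""
    payload = "<enabled/>" if enable else "<disabled/>"
    # The payload is itself XML, so it must never appear as raw markup in <Data>.
    data = f"<![CDATA[{payload}]]>" if use_cdata else escape(payload)
    return (
        f'<SyncML xmlns="{NS}"><SyncBody><Replace>'
        f"<CmdID>{cmd_id}</CmdID><Item>"
        "<Meta><Format>chr</Format><Type>text/plain</Type></Meta>"
        f"<Target><LocURI>{LOC_URI}</LocURI></Target>"
        f"<Data>{data}</Data>"
        "</Item></Replace><Final/></SyncBody></SyncML>"
    )

def _find(elem, name):
    # Match on local name so a different namespace on <Format> is accepted too.
    return next((e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def check_syncml(doc):
    """Return (ok, reason): does this SyncML enable the policy correctly?"""
    item = _find(ET.fromstring(doc), "Item")
    if item is None:
        return False, "no Item element"
    loc, fmt, data = (_find(item, n) for n in ("LocURI", "Format", "Data"))
    if loc is None or loc.text != LOC_URI:
        return False, "unexpected LocURI"
    if fmt is None or fmt.text != "chr":
        return False, "Format must be chr"
    # Child elements under <Data> mean the payload was sent as raw markup.
    if data is None or len(data):
        return False, "payload must be XML-encoded or wrapped in CDATA"
    if (data.text or "").strip() != "<enabled/>":
        return False, "policy is not enabled"
    return True, "policy enabled with chr format"
```

Running `check_syncml` over exported MDM profiles is a quick way to confirm that the trusted-path requirement is actually being enabled rather than sent as `<disabled/>` or as an unencoded payload.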

ADMX_CredUI/NoLocalPasswordResetQuestions

| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |

Scope:

  • Device

Available in the latest Windows 10 Insider Preview Build. If you turn on this policy setting, local users won't be able to set up and use security questions to reset their passwords.

ADMX Info:

  • GP Friendly name: Prevent the use of security questions for local accounts
  • GP name: NoLocalPasswordResetQuestions
  • GP path: Windows Components\Credential User Interface
  • GP ADMX file name: CredUI.admx

ADMX-backed policies in Policy CSP