windows-itpro-docs/windows/client-management/mdm/policy-csp-credentialsdelegation.md
2023-08-11 10:31:52 -04:00

4.0 KiB

title, description, author, manager, ms.author, ms.date, ms.localizationpriority, ms.prod, ms.technology, ms.topic
title description author manager ms.author ms.date ms.localizationpriority ms.prod ms.technology ms.topic
CredentialsDelegation Policy CSP Learn more about the CredentialsDelegation Area in Policy CSP. vinaypamnani-msft aaroncz vinpa 08/10/2023 medium windows-client itpro-manage reference

Policy CSP - CredentialsDelegation

[!INCLUDE ADMX-backed CSP tip]

RemoteHostAllowsDelegationOfNonExportableCredentials

Scope Editions Applicable OS
Device
User
Pro
Enterprise
Education
Windows SE
IoT Enterprise / IoT Enterprise LTSC
Windows 10, version 1803 [10.0.17134] and later
./Device/Vendor/MSFT/Policy/Config/CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials

Remote host allows delegation of non-exportable credentials.

When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host.

  • If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode.

  • If you disable or don't configure this policy setting, Restricted Administration and Remote Credential Guard mode aren't supported. User will always need to pass their credentials to the host.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

[!INCLUDE ADMX-backed policy note]

ADMX mapping:

Name Value
Name AllowProtectedCreds
Friendly Name Remote host allows delegation of non-exportable credentials
Location Computer Configuration
Path System > Credentials Delegation
Registry Key Name Software\Policies\Microsoft\Windows\CredentialsDelegation
Registry Value Name AllowProtectedCreds
ADMX File Name CredSsp.admx

Policy configuration service provider