windows-itpro-docs/windows/client-management/mdm/policy-csp-admx-credui.md
Vinay Pamnani (from Dev Box) 29e044c903 MDM/CSP metadata changes
2024-01-18 12:26:53 -05:00


| title | description | ms.date |
|---|---|---|
| ADMX_CredUI Policy CSP | Learn more about the ADMX_CredUI Area in Policy CSP. | 01/18/2024 |

Policy CSP - ADMX_CredUI

[!INCLUDE ADMX-backed CSP tip]

EnableSecureCredentialPrompting

| Scope | Editions | Applicable OS |
|---|---|---|
| Device <br> User | Pro <br> Enterprise <br> Education <br> Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | Windows 10, version 2004 [10.0.19041.1202] and later <br> Windows 10, version 2009 [10.0.19042.1202] and later <br> Windows 10, version 21H1 [10.0.19043.1202] and later <br> Windows 11, version 21H2 [10.0.22000] and later |

./Device/Vendor/MSFT/Policy/Config/ADMX_CredUI/EnableSecureCredentialPrompting

This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user's Windows credentials.

Note

This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled.

  • If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism.

  • If you disable or don't configure this policy setting, users will enter Windows credentials within the user's desktop session, potentially allowing malicious code access to the user's Windows credentials.

Description framework properties:

| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |

[!INCLUDE ADMX-backed policy note]

ADMX mapping:

| Name | Value |
|---|---|
| Name | EnableSecureCredentialPrompting |
| Friendly Name | Require trusted path for credential entry |
| Location | Computer Configuration |
| Path | Windows Components > Credential User Interface |
| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\CredUI |
| Registry Value Name | EnableSecureCredentialPrompting |
| ADMX File Name | CredUI.admx |

NoLocalPasswordResetQuestions

| Scope | Editions | Applicable OS |
|---|---|---|
| Device <br> User | Pro <br> Enterprise <br> Education <br> Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | Windows 10, version 2004 [10.0.19041.1202] and later <br> Windows 10, version 2009 [10.0.19042.1202] and later <br> Windows 10, version 21H1 [10.0.19043.1202] and later <br> Windows 11, version 21H2 [10.0.22000] and later |

./Device/Vendor/MSFT/Policy/Config/ADMX_CredUI/NoLocalPasswordResetQuestions

If you turn this policy setting on, local users won't be able to set up and use security questions to reset their passwords.

Description framework properties:

| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |

[!INCLUDE ADMX-backed policy note]

ADMX mapping:

| Name | Value |
|---|---|
| Name | NoLocalPasswordResetQuestions |
| Friendly Name | Prevent the use of security questions for local accounts |
| Location | Computer Configuration |
| Path | Windows Components > Credential User Interface |
| Registry Key Name | Software\Policies\Microsoft\Windows\System |
| Registry Value Name | NoLocalPasswordResetQuestions |
| ADMX File Name | CredUI.admx |
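
Both ADMX mappings above can be verified on a device by reading the listed registry values. The PowerShell below is an added example, not part of the original page or of Microsoft's own code. It assumes the values live under HKLM (from "Location: Computer Configuration") and that an enabled policy is stored as DWORD 1, which the page does not state; `Get-CredUIPolicyState` is a hypothetical helper name.

```powershell
# Added example. Key and value names are taken from the ADMX mapping tables.
# Assumptions: HKLM hive (Computer Configuration); enabled is stored as DWORD 1.
$policies = @(
    [pscustomobject]@{
        Name        = 'EnableSecureCredentialPrompting'
        Key         = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI'
        Recommended = $true   # the page's note says this policy should be enabled
        IfNotOn     = 'Credentials are entered in the user desktop session, not on the Secure Desktop'
    },
    [pscustomobject]@{
        Name        = 'NoLocalPasswordResetQuestions'
        Key         = 'HKLM:\Software\Policies\Microsoft\Windows\System'
        Recommended = $false  # the page gives no recommendation for this one
        IfNotOn     = 'Local users can set up and use security questions to reset passwords'
    }
)

function Get-CredUIPolicyState {
    param([Parameter(Mandatory)] $Policy)

    # A missing key or a missing value both mean "not configured". For
    # EnableSecureCredentialPrompting the page treats that the same as disabled.
    $value = $null
    if (Test-Path -LiteralPath $Policy.Key) {
        $item = Get-ItemProperty -LiteralPath $Policy.Key -Name $Policy.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = $item.($Policy.Name) }
    }

    $state = 'Disabled'
    if ($null -eq $value) { $state = 'NotConfigured' } elseif ($value -eq 1) { $state = 'Enabled' }

    [pscustomobject]@{
        Policy      = $Policy.Name
        State       = $state
        RawData     = $value
        Recommended = $Policy.Recommended
        Effect      = if ($state -eq 'Enabled') { 'Policy applied' } else { $Policy.IfNotOn }
    }
}

$results = $policies | ForEach-Object { Get-CredUIPolicyState -Policy $_ }
$results | Format-List

# Devices where the recommended policy is not in effect.
$gaps = @($results | Where-Object { $_.Recommended -and $_.State -ne 'Enabled' })
"Recommended policies not enabled: $($gaps.Count)"
```

Reading HKLM policy keys does not require elevation, so the check can run in a standard user context as part of a compliance script.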

Policy configuration service provider