Remote host allows delegation of non-exportable credentials

Remote host allows delegation of non-exportable credentials

When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host.

If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode.

If you disable or do not configure this policy setting, Restricted Administration and Remote Credential Guard mode are not supported. User will always need to pass their credentials to the host.

Supported on: At least Windows Server 2016, Windows 10 Version 1703

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows\CredentialsDelegation
Value NameAllowProtectedCreds
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

credssp.admx

Administrative Templates (Computers)

Administrative Templates (Users)