Policy

Remote host allows delegation of non-exportable credentials

Microsoft Windows

Back to Credentials DelegationBack to main
Remote host allows delegation of non-exportable credentials
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
System > Credentials Delegation
Supported on
At least Windows Server 2016, Windows 10 Version 1703

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

Remote host allows delegation of non-exportable credentials When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host. If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode. If you disable or do not configure this policy setting, Restricted Administration and Remote Credential Guard mode are not supported. User will always need to pass their credentials to the host.

Internal name
AllowProtectedCreds
Policy ID
4eac6b575d64
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
Software\Policies\Microsoft\Windows\CredentialsDelegation
Value name
AllowProtectedCreds
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
Software\Policies\Microsoft\Windows\CredentialsDelegation
Value name
AllowProtectedCreds
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.