Policy
Remote host allows delegation of non-exportable credentials
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
Remote host allows delegation of non-exportable credentials When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host. If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode. If you disable or do not configure this policy setting, Restricted Administration and Remote Credential Guard mode are not supported. User will always need to pass their credentials to the host.
Registry values
How enabled and disabled states update the registry.
| Scope | Registry location | Type | Enabled value | Disabled value | Copy |
|---|---|---|---|---|---|
| Computer | Path Software\Policies\Microsoft\Windows\CredentialsDelegation Value name AllowProtectedCreds | REG_DWORD | HKLM 1 | HKLM 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.