Policy

Require trusted path for credential entry

Microsoft Windows

Back to Credential User InterfaceBack to main
Require trusted path for credential entry
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Credential User Interface
Supported on
At least Windows Vista

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista

This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials. Note: This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled. If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism. If you disable or do not configure this policy setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Windows credentials.

Internal name
EnableSecureCredentialPrompting
Policy ID
9bf8030101d1
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
Software\Microsoft\Windows\CurrentVersion\Policies\CredUI
Value name
EnableSecureCredentialPrompting
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
Software\Microsoft\Windows\CurrentVersion\Policies\CredUI
Value name
EnableSecureCredentialPrompting
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.