Policy

Remote host allows delegation of non-exportable credentials

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategorySystem > Credentials Delegation
Supported onAt least Windows Server 2016, Windows 10 Version 1703

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

Remote host allows delegation of non-exportable credentials When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host. If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode. If you disable or do not configure this policy setting, Restricted Administration and Remote Credential Guard mode are not supported. User will always need to pass their credentials to the host.

Internal name
AllowProtectedCreds
Policy ID
4eac6b575d64
Elements
0

Registry values

How enabled and disabled states update the registry.

Registry locationTypeEnabled valueDisabled value
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowProtectedCredsREG_DWORD
1
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.

Other policies in this category

Explore related policies at the same level.