Policy
Ignore Delegation Failure
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista
This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested. The constrained delegation model, introduced in Windows Server 2003, does not report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation. If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. If you do not configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. If you enable this policy setting, then: -- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context does not support delegation. -- "On" directs the RPC Runtime to accept security contexts that do not support delegation even if delegation was asked for. Note: This policy setting will not be applied until the system is rebooted.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Ignoring Delegation Failure: ID RpcIgnoreDelegationFailureList | enum | HKLM\Software\Policies\Microsoft\Windows NT\Rpc\IgnoreDelegationFailure Type REG_DWORD | Options: Off (0), On (1) |
Other policies in this category
Explore related policies at the same level.
- ComputerEnable RPC Endpoint Mapper Client AuthenticationAt least Windows XP Professional with SP2
- ComputerMaintain RPC Troubleshooting State InformationAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerPropagate extended error informationAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerRestrict Unauthenticated RPC clientsAt least Windows XP Professional with SP2
- ComputerSet Minimum Idle Connection Timeout for RPC/HTTP connectionsAt least Windows Server 2003 operating systems or Windows XP Professional with SP1