Working with a Client at the moment who have added the above security setting and recently added some 2016 machines. The GPO setting is using option 3 in this list however when attempting to initiate a connection using MSTSC I receive a CredSSP encryption
Oracle remediation error message.
- Restrict Credential Delegation
|
Registry Hive
|
HKEY_LOCAL_MACHINE
|
|
Registry Path
|
Software\Policies\Microsoft\Windows\CredentialsDelegation
|
|
Value Name
|
RestrictedRemoteAdministrationType
|
|
Value Type
|
REG_DWORD
|
|
Value
|
3
|
- Require Remote Credential Guard
|
Registry Hive
|
HKEY_LOCAL_MACHINE
|
|
Registry Path
|
Software\Policies\Microsoft\Windows\CredentialsDelegation
|
|
Value Name
|
RestrictedRemoteAdministrationType
|
|
Value Type
|
REG_DWORD
|
|
Value
|
2
|
- Require Restricted Admin
|
Registry Hive
|
HKEY_LOCAL_MACHINE
|
|
Registry Path
|
Software\Policies\Microsoft\Windows\CredentialsDelegation
|
|
Value Name
|
RestrictedRemoteAdministrationType
|
|
Value Type
|
REG_DWORD
|
|
Value
|
1
|
I have added the registry key to the destination and host :
| DWORD = DisableRestrictedAdmin but cannot connect due to the CredSSH error, on a 2016 machine I can change the sub setting in PreProd to 'Require Restricted Admin' and the connection completes however
in production this setting is set by GPO that I do not have access to see or change so was wondering if there are any other Admin's out there that are having this issue and if there is a resolution that does not reduce the security. |
