Export (0) Print
Expand All

CredSSP Group Policy Settings

For Credential Security Support Provider protocol (CredSSP) to delegate credentials, you must specify which servers can be delegated to. To specify those servers, modify settings in the Group Policy Editor (GPE) Microsoft Management Console (MMC) snap-in. The GPE settings that control delegation are under Computer Configuration | Administrative Templates | System | Credentials Delegation.

Caution  This is not constrained delegation. CredSSP passes the user's full credentials to the server without any constraint.

Group policy settings control delegation of the following types of credentials.

Credentials TypeDescription

Default credentials

The credentials obtained when the user first logs on to Windows.

Fresh credentials

The credentials that the user is prompted for when executing an application.

Saved credentials

The credentials that are saved using Credential Manager.

 

To include a server in the category associated with a particular group policy setting, add the Service Principal Name (SPN) of that server to the list of servers for that group policy setting. The SPN can contain a single wildcard character.

 

 

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

Show:
© 2014 Microsoft