Skip to content

Microsoft, can you please elaborate (Caution about CredSSP)?

December 4, 2013

Microsoft publishes the following caution about enabling the CredSSP Windows Group Policy:

Caution: Credential Security Support Provider (CredSSP) authentication, in which the user’s credentials are passed to a remote computer to be authenticated, is designed for commands that require authentication on more than one resource, such as accessing a remote network share. This mechanism increases the security risk of the remote operation. If the remote computer is compromised, the credentials that are passed to it can be used to control the network session.

I can’t find a whole lot of discussion on this caution from Microsoft nor can I find a lot of prescriptive advice from them, either.

Microsoft – a little help?



From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: