Remote Credential Guard, introduced with Windows 10 version 1607, allows you to protect your credentials over a Remote Desktop connection to a domain-joined server or client.
It is designed for scenarios where both client and server are joined to the same domain; otherwise, a trust relationship between the domains must exist.
Scenarios as defined by Microsoft:
- Administrator credentials are highly privileged and must be protected. By using Remote Credential Guard to connect, you can be assured that your credentials are not passed over the network to the target device.
- Helpdesk employees in your organization must connect to domain-joined devices that could be compromised. With Remote Credential Guard, the helpdesk employee can use RDP to connect to the target device without compromising their credentials to malware.
It can be enabled on the client by configuring the GPO setting "Restrict delegation of credentials to remote servers" to "Require Remote Credential Guard", located in Configuration -> Administrative Templates -> System -> Credentials Delegation.
If you don’t use GPO (but seriously, who doesn't?), you can use the new switch of the mstsc command by running mstsc.exe /remoteGuard.
Source & more details: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/remote-credential-guard