This policy allows you to set the level of protection desired for the encryption oracle vulnerability. This policy controls compatibility with vulnerable clients and servers. Some versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client. This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection). Device/Vendor/MSFT/Policy/Config/ADMX_CredSsp/AllowEncryptionOracle If you disable or don't configure (by default) this policy setting, delegation of default credentials isn't permitted to any machine.Īllow delegating default credentials with NTLM-only server authentication If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows). This policy setting applies when server authentication was achieved via NTLM. Device/Vendor/MSFT/Policy/Config/ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly Software\Policies\Microsoft\Windows\CredentialsDelegation For an example of SyncML format, refer to Enabling a policy. This is an ADMX-backed policy and requires SyncML format for configuration. Applications depending upon this delegation behavior might fail authentication. If you disable or don't configure (by default) this policy setting, delegation of default credentials isn't permitted to any computer.The policy becomes effective the next time the user signs on to a computer running Windows. If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows).This policy setting applies when server authentication was achieved by using a trusted X509 certificate or Kerberos. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
Device/Vendor/MSFT/Policy/Config/ADMX_CredSsp/AllowDefaultCredentials For more information, see CDATA Sections. To avoid encoding the payload, you can use CDATA if your MDM supports it.
The payload of the SyncML must be XML-encoded for this XML encoding, there are a variety of online encoders that you can use.
For details, see Understanding ADMX-backed policies. You must specify the data type in the SyncML as chr. This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable.
0 kommentar(er)
