Understand why connections to systems may fail once you set policy to prefer Remote Credential Guard.

Learn exactly what the policy related to preferring Remote Credential Guard really means.

John Savill

September 16, 2016

1 Min Read
ITPro Today logo

Q. I configured Prefer Remote Credential Guard on a system but now it cannot connect to remote systems, why is it not failing back to regular authentication?

A. The Group Policy : Computer Configuration - Administrative Templates - System - Credentials Delegation - Restrict delegation of credentials to remote servers may not be doing exactly what you think it is doing. One of the settings is "Prefer Remote Credential Guard" which many would read as "try Remote Credential Guard and if you can't use it then use regular authentication" but that is not what the policy actually means. What Prefer Remote Credential Guard is to prefer Remote Credential Guard over Restricted Admin but if neither are possible then the connection will simply fail.

Restricted Admin connected a user to a remote server without sending their credentials to the remote host and all further connections to remote services from the remote session would be done as the server computer object itself which posed problems when the computer object did not have permissions to those remote resources.

About the Author(s)

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like