Require trusted path for credential entry

Require trusted path for credential entry

It is better to have a security policy on a high level if there is a shared system is being used. When a normal user tries to make a change that can only be done with the administrator user, and then he will be asked with an additional step. You can see the images of those below.

 

This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials.

 

Note: This policy affects no logon authentication tasks only. As a security best practice, this policy should be enabled.

 

If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism.

 

If you disable or do not configure this policy setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Windows credentials.

---

Process 1

You need to navigate to this location:

Computer Configuration\Administrative Templates\Windows Components\Credential User Interface

Double-click the “Require trusted path for credential entry” policy.

Set it to Enable. Click Apply and then OK.

Once it is done, whenever a normal/standard user will try to open a part that require admin right will be asked for the login detail of a admin user.

---

Process 2

You need to follow below steps to make that applicable with the help of registry.

Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Microsoft\Windows\CurrentVersion\Policies\CredUI Value Name EnableSecureCredentialPrompting Value Type REG_DWORD Enabled Value 1 Disabled Value 0

• Tweet
• Share
• Share
• Share
• Share