Windows NT DGPENSV2LPKMN 10.0 build 14393 (Windows Server 2016) AMD64
Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.3.25
: 172.16.0.66 | : 172.16.0.254
Cant Read [ /etc/named.conf ]
7.3.25
SYSTEM
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
BLACK DEFEND!
README
+ Create Folder
+ Create File
[ A ]
[ C ]
[ D ]
C: /
Windows /
PolicyDefinitions /
en-US /
[ HOME SHELL ]
Name
Size
Permission
Action
.mad-root
0
B
-rw-rw-rw-
AVSValidationGP.adml
1.84
KB
-rw-rw-rw-
ActiveXInstallService.adml
5.47
KB
-rw-rw-rw-
AddRemovePrograms.adml
10.48
KB
-rw-rw-rw-
AllowBuildPreview.adml
1.28
KB
-rw-rw-rw-
AppCompat.adml
9.88
KB
-rw-rw-rw-
AppPrivacy.adml
30.53
KB
-rw-rw-rw-
AppXRuntime.adml
5.06
KB
-rw-rw-rw-
AppxPackageManager.adml
4.97
KB
-rw-rw-rw-
AttachmentManager.adml
9.61
KB
-rw-rw-rw-
AuditSettings.adml
1.8
KB
-rw-rw-rw-
AutoPlay.adml
4.77
KB
-rw-rw-rw-
Biometrics.adml
4.75
KB
-rw-rw-rw-
Bits.adml
31.41
KB
-rw-rw-rw-
CEIPEnable.adml
1.9
KB
-rw-rw-rw-
COM.adml
1.63
KB
-rw-rw-rw-
Camera.adml
1.59
KB
-rw-rw-rw-
CipherSuiteOrder.adml
3.4
KB
-rw-rw-rw-
CloudContent.adml
4.83
KB
-rw-rw-rw-
Conf.adml
10.72
KB
-rw-rw-rw-
ControlPanel.adml
8.03
KB
-rw-rw-rw-
ControlPanelDisplay.adml
20.98
KB
-rw-rw-rw-
Cpls.adml
1.55
KB
-rw-rw-rw-
CredSsp.adml
20.62
KB
-rw-rw-rw-
CredUI.adml
3.05
KB
-rw-rw-rw-
CredentialProviders.adml
7.28
KB
-rw-rw-rw-
CtrlAltDel.adml
3.41
KB
-rw-rw-rw-
DCOM.adml
4.95
KB
-rw-rw-rw-
DFS.adml
1.51
KB
-rw-rw-rw-
DWM.adml
4.71
KB
-rw-rw-rw-
DataCollection.adml
4.87
KB
-rw-rw-rw-
Desktop.adml
22.12
KB
-rw-rw-rw-
DeviceCompat.adml
1012
B
-rw-rw-rw-
DeviceCredential.adml
1.36
KB
-rw-rw-rw-
DeviceGuard.adml
5.14
KB
-rw-rw-rw-
DeviceInstallation.adml
20.04
KB
-rw-rw-rw-
DeviceRedirection.adml
2.83
KB
-rw-rw-rw-
DeviceSetup.adml
8.52
KB
-rw-rw-rw-
DigitalLocker.adml
1.16
KB
-rw-rw-rw-
DiskDiagnostic.adml
3.92
KB
-rw-rw-rw-
DiskNVCache.adml
4.15
KB
-rw-rw-rw-
DiskQuota.adml
9.09
KB
-rw-rw-rw-
DistributedLinkTracking.adml
1.19
KB
-rw-rw-rw-
DnsClient.adml
30.61
KB
-rw-rw-rw-
EAIME.adml
8.47
KB
-rw-rw-rw-
EarlyLaunchAM.adml
2.48
KB
-rw-rw-rw-
EdgeUI.adml
4.73
KB
-rw-rw-rw-
EncryptFilesonMove.adml
1.23
KB
-rw-rw-rw-
EnhancedStorage.adml
5.64
KB
-rw-rw-rw-
ErrorReporting.adml
30.15
KB
-rw-rw-rw-
EventForwarding.adml
2.49
KB
-rw-rw-rw-
EventLog.adml
11.12
KB
-rw-rw-rw-
EventLogging.adml
2.49
KB
-rw-rw-rw-
EventViewer.adml
2.31
KB
-rw-rw-rw-
Explorer.adml
4.26
KB
-rw-rw-rw-
ExternalBoot.adml
2.74
KB
-rw-rw-rw-
FeedbackNotifications.adml
1.17
KB
-rw-rw-rw-
FileHistory.adml
988
B
-rw-rw-rw-
FileRecovery.adml
2.91
KB
-rw-rw-rw-
FileRevocation.adml
2.55
KB
-rw-rw-rw-
FileServerVSSProvider.adml
1.48
KB
-rw-rw-rw-
FileSys.adml
5.37
KB
-rw-rw-rw-
FolderRedirection.adml
7.76
KB
-rw-rw-rw-
FramePanes.adml
2.11
KB
-rw-rw-rw-
GameExplorer.adml
1.85
KB
-rw-rw-rw-
Globalization.adml
26.12
KB
-rw-rw-rw-
GroupPolicy-Server.adml
1.45
KB
-rw-rw-rw-
GroupPolicy.adml
64.39
KB
-rw-rw-rw-
GroupPolicyPreferences.adml
130.2
KB
-rw-rw-rw-
Help.adml
5.51
KB
-rw-rw-rw-
HelpAndSupport.adml
3.02
KB
-rw-rw-rw-
ICM.adml
18.91
KB
-rw-rw-rw-
IIS.adml
1.38
KB
-rw-rw-rw-
InetRes.adml
450.49
KB
-rw-rw-rw-
InkWatson.adml
1.39
KB
-rw-rw-rw-
KDC.adml
11.73
KB
-rw-rw-rw-
Kerberos.adml
20.13
KB
-rw-rw-rw-
LanmanServer.adml
8.68
KB
-rw-rw-rw-
LanmanWorkstation.adml
5.12
KB
-rw-rw-rw-
LeakDiagnostic.adml
1.55
KB
-rw-rw-rw-
LinkLayerTopologyDiscovery.adm...
3.56
KB
-rw-rw-rw-
LocationProviderAdm.adml
1.18
KB
-rw-rw-rw-
Logon.adml
15.75
KB
-rw-rw-rw-
MDM.adml
1.14
KB
-rw-rw-rw-
MMC.adml
4.69
KB
-rw-rw-rw-
MMCSnapIns2.adml
3.18
KB
-rw-rw-rw-
MMCSnapins.adml
9.92
KB
-rw-rw-rw-
MSDT.adml
4.71
KB
-rw-rw-rw-
MSI.adml
29.85
KB
-rw-rw-rw-
MobilePCMobilityCenter.adml
1.18
KB
-rw-rw-rw-
MobilePCPresentationSettings.a...
1.45
KB
-rw-rw-rw-
Msi-FileRecovery.adml
3.01
KB
-rw-rw-rw-
NCSI.adml
5.48
KB
-rw-rw-rw-
Netlogon.adml
46.17
KB
-rw-rw-rw-
NetworkConnections.adml
41.01
KB
-rw-rw-rw-
NetworkIsolation.adml
6.59
KB
-rw-rw-rw-
NetworkProvider.adml
2.58
KB
-rw-rw-rw-
OfflineFiles.adml
49.72
KB
-rw-rw-rw-
P2P-pnrp.adml
15.59
KB
-rw-rw-rw-
Passport.adml
10.03
KB
-rw-rw-rw-
PeerToPeerCaching.adml
24.06
KB
-rw-rw-rw-
PenTraining.adml
1.18
KB
-rw-rw-rw-
PerformanceDiagnostics.adml
7.99
KB
-rw-rw-rw-
PerformancePerftrack.adml
1.18
KB
-rw-rw-rw-
Power.adml
30.64
KB
-rw-rw-rw-
PowerShellExecutionPolicy.adml
8.4
KB
-rw-rw-rw-
PreviousVersions.adml
5.18
KB
-rw-rw-rw-
Printing.adml
34.09
KB
-rw-rw-rw-
Printing2.adml
14.26
KB
-rw-rw-rw-
Programs.adml
6.86
KB
-rw-rw-rw-
QOS.adml
21.58
KB
-rw-rw-rw-
RPC.adml
13.4
KB
-rw-rw-rw-
RacWmiProv.adml
1.36
KB
-rw-rw-rw-
Radar.adml
2.65
KB
-rw-rw-rw-
ReAgent.adml
1.77
KB
-rw-rw-rw-
Reliability.adml
5.19
KB
-rw-rw-rw-
RemoteAssistance.adml
10.13
KB
-rw-rw-rw-
RemovableStorage.adml
13.32
KB
-rw-rw-rw-
Scripts.adml
12.24
KB
-rw-rw-rw-
Search.adml
36.07
KB
-rw-rw-rw-
Securitycenter.adml
2.41
KB
-rw-rw-rw-
Sensors.adml
2.01
KB
-rw-rw-rw-
ServerManager.adml
4.84
KB
-rw-rw-rw-
Servicing.adml
2.35
KB
-rw-rw-rw-
SettingSync.adml
9.51
KB
-rw-rw-rw-
Setup.adml
2.01
KB
-rw-rw-rw-
ShapeCollector.adml
1.64
KB
-rw-rw-rw-
SharedFolders.adml
1.81
KB
-rw-rw-rw-
Sharing.adml
2.41
KB
-rw-rw-rw-
Shell-CommandPrompt-RegEditToo...
5.12
KB
-rw-rw-rw-
ShellWelcomeCenter.adml
1.01
KB
-rw-rw-rw-
Sidebar.adml
2.13
KB
-rw-rw-rw-
SkyDrive.adml
3.83
KB
-rw-rw-rw-
Smartcard.adml
13.57
KB
-rw-rw-rw-
Snmp.adml
4.92
KB
-rw-rw-rw-
SoundRec.adml
1.13
KB
-rw-rw-rw-
StartMenu.adml
53.79
KB
-rw-rw-rw-
SystemRestore.adml
2.58
KB
-rw-rw-rw-
TPM.adml
18.92
KB
-rw-rw-rw-
TabletPCInputPanel.adml
14.61
KB
-rw-rw-rw-
TabletShell.adml
6.52
KB
-rw-rw-rw-
TaskScheduler.adml
6.87
KB
-rw-rw-rw-
Taskbar.adml
12.69
KB
-rw-rw-rw-
TerminalServer-Server.adml
18.12
KB
-rw-rw-rw-
TerminalServer.adml
129.66
KB
-rw-rw-rw-
Thumbnails.adml
2.44
KB
-rw-rw-rw-
TouchInput.adml
2.01
KB
-rw-rw-rw-
UserExperienceVirtualization.a...
110.67
KB
-rw-rw-rw-
UserProfiles.adml
42.87
KB
-rw-rw-rw-
VolumeEncryption.adml
100.16
KB
-rw-rw-rw-
W32Time.adml
16.42
KB
-rw-rw-rw-
WCM.adml
5.59
KB
-rw-rw-rw-
WDI.adml
3.58
KB
-rw-rw-rw-
WPN.adml
7.83
KB
-rw-rw-rw-
WinCal.adml
1.06
KB
-rw-rw-rw-
WinInit.adml
2.42
KB
-rw-rw-rw-
WinLogon.adml
8.77
KB
-rw-rw-rw-
WinMaps.adml
1.78
KB
-rw-rw-rw-
Windows.adml
9.2
KB
-rw-rw-rw-
WindowsAnytimeUpgrade.adml
1.03
KB
-rw-rw-rw-
WindowsBackup.adml
3.4
KB
-rw-rw-rw-
WindowsColorSystem.adml
1.39
KB
-rw-rw-rw-
WindowsConnectNow.adml
3.33
KB
-rw-rw-rw-
WindowsDefender.adml
75.79
KB
-rw-rw-rw-
WindowsExplorer.adml
56.6
KB
-rw-rw-rw-
WindowsFileProtection.adml
4.16
KB
-rw-rw-rw-
WindowsFirewall.adml
42.14
KB
-rw-rw-rw-
WindowsInkWorkspace.adml
1.55
KB
-rw-rw-rw-
WindowsMail.adml
1.13
KB
-rw-rw-rw-
WindowsMediaDRM.adml
1.6
KB
-rw-rw-rw-
WindowsMediaPlayer.adml
21.55
KB
-rw-rw-rw-
WindowsMessenger.adml
2.55
KB
-rw-rw-rw-
WindowsProducts.adml
5.98
KB
-rw-rw-rw-
WindowsRemoteManagement.adml
14.21
KB
-rw-rw-rw-
WindowsRemoteShell.adml
5.37
KB
-rw-rw-rw-
WindowsServer.adml
1011
B
-rw-rw-rw-
WindowsStore.adml
3.5
KB
-rw-rw-rw-
WindowsUpdate.adml
43.45
KB
-rw-rw-rw-
Winsrv.adml
1.42
KB
-rw-rw-rw-
WirelessDisplay.adml
1.45
KB
-rw-rw-rw-
WordWheel.adml
2.56
KB
-rw-rw-rw-
WorkFolders-Client.adml
3.38
KB
-rw-rw-rw-
WorkplaceJoin.adml
1.2
KB
-rw-rw-rw-
appv.adml
25
KB
-rw-rw-rw-
fthsvc.adml
1.77
KB
-rw-rw-rw-
hotspotauth.adml
1.47
KB
-rw-rw-rw-
iSCSI.adml
5.1
KB
-rw-rw-rw-
msched.adml
3.37
KB
-rw-rw-rw-
nca.adml
8.28
KB
-rw-rw-rw-
pca.adml
6.09
KB
-rw-rw-rw-
sdiageng.adml
3.21
KB
-rw-rw-rw-
sdiagschd.adml
2.5
KB
-rw-rw-rw-
srm-fci.adml
7.49
KB
-rw-rw-rw-
tcpip.adml
13.15
KB
-rw-rw-rw-
wlansvc.adml
4.44
KB
-rw-rw-rw-
wwansvc.adml
2.9
KB
-rw-rw-rw-
Delete
Unzip
Zip
Code Editor : CredSsp.adml
<?xml version="1.0" encoding="utf-8"?> <!-- (c) 2006 Microsoft Corporation --> <policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"> <displayName>enter display name here</displayName> <description>enter description here</description> <resources> <stringTable> <string id="AllowDefaultCredentials">Allow delegating default credentials</string> <string id="AllowDefaultCredentials_Explain">This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved by using a trusted X509 certificate or Kerberos. If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows). The policy becomes effective the next time the user signs on to a computer running Windows. If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB. FWlink for KB: http://go.microsoft.com/fwlink/?LinkId=301508 Note: The "Allow delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. 
TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com</string> <string id="AllowDefCredentialsWhenNTLMOnly">Allow delegating default credentials with NTLM-only server authentication</string> <string id="AllowDefCredentialsWhenNTLMOnly_Explain">This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved via NTLM. If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows). If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine. Note: The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com</string> <string id="AllowFreshCredentials">Allow delegating fresh credentials</string> <string id="AllowFreshCredentials_Explain">This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos. 
If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application). If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). If you disable this policy setting, delegation of fresh credentials is not permitted to any machine. Note: The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com</string> <string id="AllowFreshCredentialsWhenNTLMOnly">Allow delegating fresh credentials with NTLM-only server authentication</string> <string id="AllowFreshCredentialsWhenNTLMOnly_Explain">This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved via NTLM. If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application). If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). 
If you disable this policy setting, delegation of fresh credentials is not permitted to any machine. Note: The "Allow delegating fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com</string> <string id="AllowSavedCredentials">Allow delegating saved credentials</string> <string id="AllowSavedCredentials_Explain">This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos. If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). If you disable this policy setting, delegation of saved credentials is not permitted to any machine. Note: The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. 
For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com</string> <string id="AllowSavedCredentialsWhenNTLMOnly">Allow delegating saved credentials with NTLM-only server authentication</string> <string id="AllowSavedCredentialsWhenNTLMOnly_Explain">This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved via NTLM. If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine is not a member of any domain. If the client is domain-joined, by default the delegation of saved credentials is not permitted to any machine. If you disable this policy setting, delegation of saved credentials is not permitted to any machine. Note: The "Allow delegating saved credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. 
TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com</string> <string id="CredentialsDelegation">Credentials Delegation</string> <string id="DenyDefaultCredentials">Deny delegating default credentials</string> <string id="DenyDefaultCredentials_Explain">This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). If you enable this policy setting, you can specify the servers to which the user's default credentials cannot be delegated (default credentials are those that you use when first logging on to Windows). If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. Note: The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com This policy setting can be used in combination with the "Allow delegating default credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating default credentials" server list.</string> <string id="DenyFreshCredentials">Deny delegating fresh credentials</string> <string id="DenyFreshCredentials_Explain">This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). 
If you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application). If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. Note: The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com This policy setting can be used in combination with the "Allow delegating fresh credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating fresh credentials" server list.</string> <string id="DenySavedCredentials">Deny delegating saved credentials</string> <string id="DenySavedCredentials_Explain">This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). If you enable this policy setting, you can specify the servers to which the user's saved credentials cannot be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. Note: The "Deny delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. 
The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com This policy setting can be used in combination with the "Allow delegating saved credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating saved credentials" server list.</string> <string id="RestrictedRemoteAdministration">Restrict delegation of credentials to remote servers</string> <string id="RestrictedRemoteAdministration_Explain">When running in Restricted Administration mode or if the device is using Remote Credential Guard, participating apps do not expose credentials to remote devices (regardless of the delegation method). Restricted Administration mode may limit access to resources located on other servers or networks beyond the target computer because credentials are not delegated. Remote Credential Guard does not limit access to resources by redirecting all requests back to the client device. Participating apps: Remote Desktop Client If you enable this policy setting, Restricted Administration mode or Remote Credential Guard is enforced and participating apps will not delegate credentials to remote devices. If you disable or do not configure this policy setting, Restricted Administration mode and Remote Credential Guard are not enforced and participating apps can delegate credentials to remote devices. Note: To disable most credential delegation, it may be sufficient to deny delegation in Credential Security Support Provider (CredSSP) by modifying Administrative template settings (located at Computer Configuration\Administrative Templates\System\Credentials Delegation). 
Note: On Windows 8.1 and Windows Server 2012 R2, enabling this policy will enforce Restricted Administration mode, regardless of the mode chosen. These versions do not support Remote Credential Guard. </string> <string id="SUPPORTED_VISTA">Windows Vista</string> <string id="PreferRemoteCredentialGuard">Prefer Remote Credential Guard</string> <string id="RequireRemoteCredentialGuard">Require Remote Credential Guard</string> <string id="RequireRestrictedAdmin">Require Restricted Admin</string> <string id="AllowEncryptionOracle">Encryption Oracle Remediation</string> <string id="AllowEncryptionOracle_Explain">Encryption Oracle Remediation This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection). Some versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client. This policy controls compatibility with vulnerable clients and servers. This policy allows you to set the level of protection desired for the encryption oracle vulnerability. If you enable this policy setting, CredSSP version support will be selected based on the following options: Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. Note: this setting should not be deployed until all remote hosts support the newest version. Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients. Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients. 
For more information about the vulnerability and servicing requirements for protection, see https://go.microsoft.com/fwlink/?linkid=866660</string> <string id="AllowEncryptionOracle_Force">Force Updated Clients</string> <string id="AllowEncryptionOracle_Secure">Mitigated</string> <string id="AllowEncryptionOracle_Allow">Vulnerable</string> </stringTable> <presentationTable> <presentation id="AllowDefaultCredentials"> <listBox refId="AllowDefaultCredentials_Name">Add servers to the list:</listBox> <checkBox refId="ConcatenateDefaults_ADC" defaultChecked="true">Concatenate OS defaults with input above</checkBox> </presentation> <presentation id="AllowDefCredentialsWhenNTLMOnly"> <listBox refId="AllowDefCredentialsWhenNTLMOnly_Name">Add servers to the list:</listBox> <checkBox refId="ConcatenateDefaults_ADCN" defaultChecked="true">Concatenate OS defaults with input above</checkBox> </presentation> <presentation id="AllowFreshCredentials"> <listBox refId="AllowFreshCredentials_Name">Add servers to the list:</listBox> <checkBox refId="ConcatenateDefaults_AFC" defaultChecked="true">Concatenate OS defaults with input above</checkBox> </presentation> <presentation id="AllowFreshCredentialsWhenNTLMOnly"> <listBox refId="AllowFreshCredentialsWhenNTLMOnly_Name">Add servers to the list:</listBox> <checkBox refId="ConcatenateDefaults_AFCN" defaultChecked="true">Concatenate OS defaults with input above</checkBox> </presentation> <presentation id="AllowSavedCredentials"> <listBox refId="AllowSavedCredentials_Name">Add servers to the list:</listBox> <checkBox refId="ConcatenateDefaults_ASC" defaultChecked="true">Concatenate OS defaults with input above</checkBox> </presentation> <presentation id="AllowSavedCredentialsWhenNTLMOnly"> <listBox refId="AllowSavedCredentialsWhenNTLMOnly_Name">Add servers to the list:</listBox> <checkBox refId="ConcatenateDefaults_ASCN" defaultChecked="true">Concatenate OS defaults with input above</checkBox> </presentation> <presentation 
id="DenyDefaultCredentials"> <listBox refId="DenyDefaultCredentials_Name">Add servers to the list:</listBox> <checkBox refId="ConcatenateDefaults_DDC" defaultChecked="true">Concatenate OS defaults with input above</checkBox> </presentation> <presentation id="DenyFreshCredentials"> <listBox refId="DenyFreshCredentials_Name">Add servers to the list:</listBox> <checkBox refId="ConcatenateDefaults_DFC" defaultChecked="true">Concatenate OS defaults with input above</checkBox> </presentation> <presentation id="DenySavedCredentials"> <listBox refId="DenySavedCredentials_Name">Add servers to the list:</listBox> <checkBox refId="ConcatenateDefaults_DSC" defaultChecked="true">Concatenate OS defaults with input above</checkBox> </presentation> <presentation id="RestrictedRemoteAdministration"> <dropdownList refId="RestrictedRemoteAdministrationDrop" defaultItem="0">Use the following restricted mode:</dropdownList> </presentation> <presentation id="AllowEncryptionOracle"> <dropdownList refId="AllowEncryptionOracleDrop" defaultItem="1">Protection Level:</dropdownList> </presentation> </presentationTable> </resources> </policyDefinitionResources>