kfw-4.1: ms2mit in virtual setups?

Greg Hudson ghudson at mit.edu
Sat Sep 18 00:50:33 EDT 2021


On 9/17/21 5:14 PM, John Devitofranceschi wrote:
> I can see that “AllowTGTSessionKey” is set to ‘1’ in the virtual registry.  Is that not sufficient? Any way around this?

The current documentation of AllowTgtSessionKey says: "With active
Credential Guard in Windows 10 and later versions of Windows, you cannot
enable sharing the TGT session keys with applications anymore."  That's
from:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/kerberos-protocol-registry-kdc-configuration-keys

There's more on Credential Guard at:
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard


More information about the Kerberos mailing list