Working with a client at the moment who have added the above security setting and recently added some 2016 machines. The GPO setting is using option 3 in this list; however, when attempting to initiate a connection using MSTSC I receive a CredSSP encryption oracle remediation error message.

Restrict Credential Delegation
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Microsoft\Windows\CredentialsDelegation
Value Name: RestrictedRemoteAdministrationType
Value Type: REG_DWORD
Value: 3

Require Remote Credential Guard
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Microsoft\Windows\CredentialsDelegation
Value Name: RestrictedRemoteAdministrationType
Value Type: REG_DWORD
Value: 2

Require Restricted Admin
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Microsoft\Windows\CredentialsDelegation
Value Name: RestrictedRemoteAdministrationType
Value Type: REG_DWORD
Value: 1

I have added the registry key to the destination and host:
DWORD = DisableRestrictedAdmin
but cannot connect due to the CredSSP error. On a 2016 machine I can change the sub-setting in PreProd to 'Require Restricted Admin' and the connection completes; however, in production this setting is set by a GPO that I do not have access to see or change, so I was wondering if there are any other admins out there who are having this issue and if there is a resolution that does not reduce the security.