On 9/17/21 5:14 PM, John Devitofranceschi wrote: > I can see that “AllowTGTSessionKey” is set to ‘1’ in the virtual registry. > Is that not sufficient? Any way around this?
The current documentation of AllowTgtSessionKey says: "With active Credential Guard in Windows 10 and later versions of Windows, you cannot enable sharing the TGT session keys with applications anymore." That's from: https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/kerberos-protocol-registry-kdc-configuration-keys There's more on Credential Guard at: https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
