> On Sep 18, 2021, at 8:21 AM, John Devitofranceschi <foo...@gmail.com> wrote: > > On Sep 18, 2021, at 12:50 AM, Greg Hudson <ghud...@mit.edu> wrote: >> >> On 9/17/21 5:14 PM, John Devitofranceschi wrote: >>> I can see that “AllowTGTSessionKey” is set to ‘1’ in the virtual registry. >>> Is that not sufficient? Any way around this? >> >> The current documentation of AllowTgtSessionKey says: "With active >> Credential Guard in Windows 10 and later versions of Windows, you cannot >> enable sharing the TGT session keys with applications anymore." > > > I’ve read that too, but Credential Guard is not running, according to the > “System Information” panel on our test host. > >
It turns out that it works just fine if you set allowtgtsessionkey in the system registry. It is not sufficient to simply set it in the virtual registry. jd
smime.p7s
Description: S/MIME cryptographic signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
