This post will discuss the following content:
- What is CredSSP RDP?
- Why Do We Need to Disable CredSSP RDP?
- Disable CredSSP RDP Using Group Policy
- Disable CredSSP RDP Using Registry Editor
What is CredSSP RDP?
CredSSP (an acronym for Credential Security Support Provider) is a security protocol utilized by RDP (Remote Desktop Protocol) to transmit credentials and authenticate the connection between a client and a remote server.
It aids in preventing man-in-the-middle attacks by encrypting credentials. However, a vulnerability in CredSSP was discovered that can allow an attacker to execute remote code on a targeted system.
Why Do We Need to Disable CredSSP RDP?
CredSSP RDP should be disabled to prevent security risks and attacks, because a vulnerability, known as the CredSSP vulnerability, was discovered in it that can help attackers execute harmful code on your computer.
This vulnerability affects all versions of Windows, so it is recommended to disable CredSSP RDP to prevent exploitation of this vulnerability and protect your system from potential attacks.
Let us discuss the different methods to disable CredSSP RDP on your Windows system.
Method 1: Disable CredSSP RDP Using Group Policy
Press “Windows Key + S” and type “group policy”. Then, click on the “Open” option to open “Edit group policy”:
Expand the “Computer Configuration”, “Administrative Templates” and then “System” directories:
Now locate and select the “Credentials Delegation” directory. Its settings will be listed in the right panel; double-click on the “Encryption Oracle Remediation” setting:
Select the “Disabled” option and click on the “OK” button:
The next step is to open Command Prompt and type the command given below to immediately update the security policies of your system:
Output
The output shows that the policy update will take a few moments.
Output
Your CredSSP RDP is disabled, and the policies are updated successfully.
Method 2: Disable CredSSP RDP Using Registry Editor
Users can also use the Registry Editor to disable CredSSP RDP. For that purpose, search for and open “Registry Editor” from the Start Menu:
The Registry Editor window will open:
In the address bar of Registry Editor, paste the address given below and hit enter:
You can also navigate to these directories by expanding each of them.
This opens the Parameters directory. Double-click on the “AllowEncryptionOracle” value:
Type “2” in the Value data field and click on the “OK” button to disable the CredSSP RDP:
The CredSSP RDP is disabled successfully in the system.
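To confirm what either method actually left on the machine, the following read-only PowerShell check reads the value that Method 2 edits. It is an added example, not part of the original post. The registry path and the value names (0 = Force Updated Clients, 1 = Mitigated, 2 = Vulnerable) are assumptions taken from Microsoft's CredSSP update guidance rather than from this page, and `Get-EncryptionOracleState` is a hypothetical helper name.

```powershell
# Added example (not from the original post): read-only audit of the value Method 2 edits.
# Assumption: key path and value names follow Microsoft's CredSSP update guidance.
$DefaultKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'

function Get-EncryptionOracleState {   # hypothetical helper name
    [CmdletBinding()]
    param([string]$Path = $DefaultKey)

    # Documented meanings of AllowEncryptionOracle (REG_DWORD).
    $names = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

    $raw = $null
    if (Test-Path -LiteralPath $Path) {
        $item = Get-ItemProperty -LiteralPath $Path -Name 'AllowEncryptionOracle' -ErrorAction SilentlyContinue
        if ($null -ne $item) { $raw = $item.AllowEncryptionOracle }
    }

    if ($null -eq $raw) {
        $setting = 'NotConfigured'          # value absent: the OS default applies
    } elseif ($names.ContainsKey([int]$raw)) {
        $setting = $names[[int]$raw]
    } else {
        $setting = 'Unknown'                # unexpected data; inspect manually
    }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        Path                   = $Path
        RawValue               = $raw
        Setting                = $setting
        # 2 ("Vulnerable") permits fallback to the pre-patch CredSSP behaviour.
        AllowsInsecureFallback = ($raw -eq 2)
    }
}

$state = Get-EncryptionOracleState
$state | Format-List
if ($state.AllowsInsecureFallback) {
    Write-Warning 'AllowEncryptionOracle = 2: this host accepts insecure CredSSP fallback.'
}
```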
Conclusion
To disable CredSSP RDP in Windows, use Group Policy or Registry Editor. Doing so prevents security risks and attacks and protects your system. CredSSP authenticates the connection between a client system and a remote server. However, a vulnerability was discovered in CredSSP that can allow attackers to execute harmful code on the system, so disable CredSSP RDP to prevent this. This post demonstrated two methods to disable CredSSP RDP.