How to reverse the CredSSP Vulnerable State
Applies to: Previously Modified Workstations
Requirements for Method #1 and Method #2: Local Administrative Privileges
Requirements for Method #1 , Method #2, and Method #3: Reboot Workstation
Method #1: The Easy Way
If the user has administrative privilege on their workstation, this would be the simplest way to revert the machine's security.
- Download the CredSSP-Secure.reg file (Link to download on the bottom of this article)
- Run the file, and allow it to merge with the registry
- Reboot your computer
- You're done.
Method #2: The Harder Way
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
- Open the Registry: Start > Run > regedit
- Navigate to: HKLM/Software/Microsoft/Windows/CurrentVersion/Policies/system/CredSSP/Parameters
- Double-click on the "AllowEncryptionOracle" key, and change the value from 2 to 1
- Close regedit
- Reboot your computer
- You're done.
Method #3: For IT Admins
If this change was done globally to fix this via Group Policy:
- Open the Group Policy in question
- Navigate to: Computer Configuration > Administrative Templates > System > Credentials Delegation
- Double click on "Encryption Oracle Remediation"
- Change the value from "Vulnerable" to "Mitigation"
- Deploy the policy
- Note: The end user's workstations will require a reboot for this policy to take effect.