Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows systems that do not have the 2919355 update installed: July 8, 2014


View products that this article applies to.

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:

↑ Back to the top


More Information


On July 8, 2014, Microsoft released the following:


2973351 Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows-based systems that have the 2919355 update installed: July 8, 2014
2975625 Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows systems that do not have the 2919355 update installed: July 8, 2014

This update provides configurable registry settings for managing the Restricted Admin mode for Credential Security Support Provider (CredSSP).


Note The update changes default Restricted Admin mode functionality in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. For more information, see the FAQ section of the advisory.

How to configure the Restricted Admin registry setting

ImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
The default behavior for Restricted Admin mode changed in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. By default, Restricted Admin mode is now turned off, and you have to enable it again after you install update 2973351 or 2975625 if it is required. Previously, Restricted Admin mode was turned on by default.

To configure the Restricted Admin registry setting, add a DWORD value that is named DisableRestrictedAdmin to the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

To do this, follow these steps:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkey in the registry:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type DisableRestrictedAdmin for the name of the DWORD value, and then press Enter.
  5. Right-click DisableRestrictedAdmin, and then click Modify.
    • To disable Restricted Admin mode, type 1 in the Value data box, and then click OK.
    • To enable Restricted Admin mode, type 0 in the Value data box, and then click OK.
  6. Exit Registry Editor, and then restart the computer.

↑ Back to the top


FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.



Windows 8.1 and Windows Server 2012 R2 file information

For all supported x86-based versions of Windows 8.1

File nameFile versionFile sizeDateTimePlatformService branch
Credssp.admlNot applicable18,20722-Aug-201305:14Not applicableX86_MICROSOFT-WINDOWS-CREDSSP-ADM.RESOURCES_31BF3856AD364E35_6.3.9600.16670_EN-US_CC90990BBCE23A4A
Credssp.admxNot applicable11,35418-Jun-201312:36Not applicableX86_MICROSOFT-WINDOWS-CREDSSP-ADM_31BF3856AD364E35_6.3.9600.16670_NONE_6D8AC11F770DE49F
Cng.sys6.3.9600.16670475,18409-Jun-201400:15x86Not applicable
Ksecpkg.sys6.3.9600.16670147,80009-Jun-201400:22x86Not applicable
Lsasrv.dll6.3.9600.166701,088,51208-Jun-201419:58x86Not applicable

For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2

File nameFile versionFile sizeDateTimePlatformService branch
Credssp.admlNot applicable18,20722-Aug-201312:30Not applicableAMD64_MICROSOFT-WINDOWS-CREDSSP-ADM.RESOURCES_31BF3856AD364E35_6.3.9600.16670_EN-US_28AF348F753FAB80
Credssp.admxNot applicable11,35418-Jun-201315:03Not applicableAMD64_MICROSOFT-WINDOWS-CREDSSP-ADM_31BF3856AD364E35_6.3.9600.16670_NONE_C9A95CA32F6B55D5
Cng.sys6.3.9600.16670565,53609-Jun-201404:23x64Not applicable
Ksecpkg.sys6.3.9600.16670192,85609-Jun-201404:29x64Not applicable
Lsasrv.dll6.3.9600.166701,416,19208-Jun-201420:26x64Not applicable

↑ Back to the top


Keywords: kbregistry, kbmsifixme, kbfixme, kbsurveynew, kbmustloc, kblangall, kbexpertiseinter, kbsecurity, kbsecadvisory, kbinfo, kb, kbsecreview, kbsecvulnerability

↑ Back to the top

Article Info
Article ID : 2975625
Revision : 1
Created on : 1/7/2017
Published on : 7/8/2014
Exists online : False
Views : 327