{"id":101092,"date":"2019-03-12T07:00:00","date_gmt":"2019-03-12T14:00:00","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/oldnewthing\/?p=101092"},"modified":"2021-02-05T19:31:56","modified_gmt":"2021-02-06T03:31:56","slug":"20190312-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20190312-00\/?p=101092","title":{"rendered":"Asking for clear written documentation that &#8220;Require trusted path for credential entry&#8221; is no longer recommended"},"content":{"rendered":"<p>A customer had turned on the <i>Require trusted path for credential entry<\/i> policy (under Computer Configuration, Administrative Templates, Windows Components, Credential User Interface). They demanded that Microsoft provide clear written documentation that the policy is no longer recommended.<\/p>\n<p>This was an interesting demand, because that setting was never recommended in the first place.<\/p>\n<p><a href=\"https:\/\/blogs.msdn.microsoft.com\/aaron_margosis\/\"> Aaron Margosis<\/a>, who knows a lot about recommended security settings, confirmed that that setting was never in any Microsoft-published security baseline. He recalls that it was part of a draft government baseline, but was quickly removed and never made it past the draft stage. Aaron even gave a talk titled <a href=\"https:\/\/channel9.msdn.com\/Events\/TechEd\/NorthAmerica\/2011\/SIM304\"> <i>Unintended Consequences of Security Lockdowns<\/i><\/a> where he demonstrates how useless that policy is:<\/p>\n<p><iframe src=\"https:\/\/channel9.msdn.com\/Events\/TechEd\/NorthAmerica\/2011\/SIM304\/player\" width=\"480\" height=\"270\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p>The demonstration begins at timecode 32:47, and he continues at 37:10 with a discussion of the secure attention sequence.<\/p>\n<p>Being told that Microsoft never recommended the setting was not enough to placate the customer, who reiterated their demand that Microsoft formally publish a recommendation <i>not<\/i> to set that setting.<\/p>\n<p>Faced with another case of a customer <a href=\"https:\/\/docs.microsoft.com\/en-us\/previous-versions\/technet-magazine\/jj643252(v=msdn.10)\"> demanding that there be published documentation stating that a bad idea is a bad idea<\/a>, Aaron suggested that the customer consider <a href=\"https:\/\/blogs.technet.microsoft.com\/fdcc\/2010\/10\/06\/sticking-with-well-known-and-proven-solutions\/\"> sticking with well-known and proven solutions<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It was never recommended in the first place.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[104],"class_list":["post-101092","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-tipssupport"],"acf":[],"blog_post_summary":"<p>It was never recommended in the first place.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/101092","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=101092"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/101092\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=101092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=101092"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=101092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}