Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3
Article ID: 951608 - View products that this article applies to.
This article describes the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3 (SP3).
CredSSP is a new Security Support Provider (SSP) that is available in Windows XP SP3 by using the Security Support Provider Interface (SSPI). CredSSP enables a program to use client-side SSP to delegate user credentials from the client computer to the target server. (The target server is accessed by using server-side SSP). Windows XP SP3 involves only the client-side SSP implementation. The client-side SSP implementation is currently being used by Remote Desktop Protocol (RDP) 6.1 Terminal Services (TS). However, the client-side SSP implementation can be used by any third-party program that is willing to use the client-side SSP to interact with programs that are running server-side SSP implementations in Windows Vista or in Windows Server 2008.
To download the CredSSP protocol specification, visit the following Microsoft Web site:
http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/%5BMS-CSSP%5D.pdfNote By default, CredSSP is turned off in Windows XP SP3.
How to turn on CredSSPTo have us turn on CredSSP for you, go to the "Fix it for me" section. If you prefer to fix this problem yourself, go to the "Let me fix it myself" section.
Fix it for me
To fix this problem automatically, click the Fix it button or link. Click Run in the File Download dialog box, and follow the steps in the Fix it wizard.
Turn on CredSSP
Microsoft Fix it 50588
Let me fix it myselfImportant This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
Scenarios for using CredSSP
Scenario 1: Programmatically use the SSPYou can now use CredSSP to perform client-side authentication in Windows XP SP3. You can use CredSSP together with authentication APIs to successfully authenticate the server-side counterpart programs that are running in Windows Vista or in Windows Server 2008.
For more information about the AcquireCredentialsHandle (CredSSP) function, visit the following Microsoft Web site:
http://msdn2.microsoft.com/en-us/library/aa965463(VS.85).aspxFor more information about the InitializeSecurityContext (CredSSP) function, visit the following Microsoft Web site:
Scenario 2: Use Terminal Services to connect to Windows Vista or to Windows Server 2008 from Windows XP SP3
CredSSP Group Policy settingsWindows XP SP3 supports CredSSP Group Policy settings that are specific to credentials delegation as it applies in Windows Vista or in Windows Server 2008. However, the CredSSP Group Policy settings are not available as a Group Policy object (GPO) in Windows XP SP3. The CredSSP Group Policy settings can be applied by creating or by modifying registry entries for the required CredSSP Group Policy setting. The registry entries contain the list of server Service Principal Names (SPNs) for which the associated Group Policy setting applies. Additionally, the registry entries contain the serial number of the servers.
For more information about CredSSP Group Policy settings, visit the following Microsoft Web site:
http://msdn2.microsoft.com/en-us/library/bb204773(VS.85).aspxThe following registry keys correspond to Group Policy settings:
Value data: 00000001
Value data: 00000001