
Summary

This article describes the Local Security Authority (LSA) registry value AllowUnprivilegedProxyAuth.

This registry value enables Application Guard and Universal Windows Platform (UWP) applications which do not use the enterpriseAuthentication capability to automatically authenticate to HTTP proxies.

Registry setting

Important: This section, method, or task contains steps that tell you how to change the registry. However, serious problems might occur if you change the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you change it. Then, you can restore the registry if a problem occurs.

For more information about how to back up and restore the registry, see the following article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

To enable or disable the AllowUnprivilegedProxyAuth setting, locate and change the following registry key: 

Registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

DWORD name: AllowUnprivilegedProxyAuth
Value data: Any nonzero value (Default value)

Notes

  • To automatically authenticate to HTTP proxy servers for applications which do not use the enterpriseAuthentication capability, set the Value data setting to 1.

  • To not automatically authenticate to HTTP proxy servers for applications which do not use the enterpriseAuthentication capability, set the Value data setting to 0 (zero).

More information

If you set the AllowUnprivilegedProxyAuth registry value to 1, these applications will have access to authentication traffic, enabling them to run man-in-the-middle and dictionary/brute force attacks against the user's NTLM authentication.

If you set the AllowUnprivilegedProxyAuth registry value to 0, applications which do not use the enterpriseAuthentication capability, such as Application Guard, will be unable to authenticate to HTTP proxies without providing credentials themselves. This might cause some web connection failures for applications that have to use an HTTP proxy but do not have credentials.

By default, the AllowUnprivilegedProxyAuth registry value is not present. If you have to make a change to this setting, you must create the value. The default value of this setting is 1.

This registry value is supported on Windows 10, version 1709, and later versions.
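
The following PowerShell is an added example, not part of the original article. It reports the effective state of the setting, treating an absent value as enabled (the default of 1 described above), and can set the value to 0. The function names and output fields are illustrative assumptions.

```powershell
# Added example: audit and optionally disable AllowUnprivilegedProxyAuth.
# Function names and output property names are illustrative, not Microsoft's.
function Get-UnprivilegedProxyAuthState {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\System\CurrentControlSet\Control\Lsa',
        [string]$Name = 'AllowUnprivilegedProxyAuth'
    )
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value not present: the article states the default is 1 (enabled).
        return [pscustomobject]@{ Present = $false; RawValue = $null; Enabled = $true }
    }
    $raw = $item.$Name
    # Any nonzero value enables automatic proxy authentication.
    [pscustomobject]@{ Present = $true; RawValue = $raw; Enabled = ($raw -ne 0) }
}

function Disable-UnprivilegedProxyAuth {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Path = 'HKLM:\System\CurrentControlSet\Control\Lsa',
        [string]$Name = 'AllowUnprivilegedProxyAuth'
    )
    if ($PSCmdlet.ShouldProcess("$Path\$Name", 'Set DWORD to 0')) {
        # -Force creates the value if it is missing or overwrites an existing one.
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 0 -Force |
            Out-Null
    }
    # Return the state after the change (unchanged when run with -WhatIf).
    Get-UnprivilegedProxyAuthState -Path $Path -Name $Name
}

# Report the current effective state.
Get-UnprivilegedProxyAuthState

# Preview the change; remove -WhatIf and run elevated to apply it.
# Disable-UnprivilegedProxyAuth -WhatIf
```

Reading the value works from a standard session; writing under HKEY_LOCAL_MACHINE requires an elevated session.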
