On July 8, 2014, Microsoft released the following:
This update provides configurable registry settings for managing the Restricted Admin mode for Credential Security Support Provider (CredSSP).
Note The update changes default Restricted Admin mode functionality in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. For more information, see the FAQ section of the advisory.
How to configure the Restricted Admin registry settingImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
To configure the Restricted Admin registry setting, add a DWORD value that is named DisableRestrictedAdmin to the following registry subkey:
To do this, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click the following subkey in the registry:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
- On the Edit menu, point to New, and then click DWORD Value.
- Type DisableRestrictedAdmin for the name of the DWORD value, and then press Enter.
- Right-click DisableRestrictedAdmin, and then click Modify.
- To disable Restricted Admin mode, type 1 in the Value data box, and then click OK.
- To enable Restricted Admin mode, type 0 in the Value data box, and then click OK.
- Exit Registry Editor, and then restart the computer.