Microsoft publishes the following caution about enabling the CredSSP Windows Group Policy:
Caution: Credential Security Support Provider (CredSSP) authentication, in which the user’s credentials are passed to a remote computer to be authenticated, is designed for commands that require authentication on more than one resource, such as accessing a remote network share. This mechanism increases the security risk of the remote operation. If the remote computer is compromised, the credentials that are passed to it can be used to control the network session.
I can’t find a whole lot of discussion on this caution from Microsoft, nor can I find a lot of prescriptive advice from them.
Microsoft – a little help?
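
The caution concerns credentials being delegated to a remote computer, so a useful first check is where CredSSP delegation is enabled on a host at all. The PowerShell below is an added example, not code from Microsoft or from the original post; the function name `Get-CredSspExposure` is hypothetical, and it assumes an elevated session with the WinRM service running.

```powershell
# Added example (not from the original post): report CredSSP delegation state on this host.
# Assumes an elevated PowerShell session; the WSMan: drive needs the WinRM service.
# Get-CredSspExposure is a hypothetical helper name.

function Get-CredSspExposure {
    $report = [ordered]@{
        ClientCredSSP     = 'unknown'   # can this host delegate credentials outward?
        ServiceCredSSP    = 'unknown'   # does this host accept delegated credentials?
        DelegationTargets = @()         # SPNs allowed by "Allow delegating fresh credentials"
        WildcardTargets   = @()         # entries containing '*', i.e. broad delegation scope
    }

    try {
        # WinRM client and service authentication settings ("true" / "false")
        $report.ClientCredSSP  = (Get-Item WSMan:\localhost\Client\Auth\CredSSP -ErrorAction Stop).Value
        $report.ServiceCredSSP = (Get-Item WSMan:\localhost\Service\Auth\CredSSP -ErrorAction Stop).Value
    } catch {
        Write-Warning "Could not read WSMan settings: $($_.Exception.Message)"
    }

    # Group Policy location for the fresh-credentials delegation target list
    $listKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials'
    if (Test-Path $listKey) {
        $key = Get-Item $listKey
        $report.DelegationTargets = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
        $report.WildcardTargets   = @($report.DelegationTargets | Where-Object { $_ -match '\*' })
    }

    [pscustomobject]$report
}

# Review the result; any 'true' value or wildcard target widens where credentials may be sent.
Get-CredSspExposure | Format-List

# To turn delegation off where it is not needed:
#   Disable-WSManCredSSP -Role Client
#   Disable-WSManCredSSP -Role Server
```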