Remote Credential Guard
Summary RCG protects admin credentials by ensuring they are not passed over the network to the target device. Details Clients with RCG enabled do not send primary credentials to the target machine. This mitigates the risk of stolen credentials if the target is compromised. In RCG, the client LSA acts as a reverse proxy for ticket requests from the target. Hence, the target never needs to store primary credentials. RCG will not allow NTLM fallback....