credential roaming
About this tag
Credential roaming is a Windows feature that allows Active Directory Domain Services to roam user certificates and private keys across domain-joined machines. However, it has been associated with security vulnerabilities and performance issues. A notable vulnerability, CVE-2022-30170, affects the Windows Credential Roaming Service on Windows Server 2022, 23H2 Edition, enabling elevation of privilege. Microsoft recommends patching to mitigate this risk. Additionally, enabling credential roaming can cause the AD DS database to grow significantly, leading to LDAP query delays and replication problems. Discussions on WindowsForum cover these security concerns and the operational impact of credential roaming in enterprise environments.
The recent disclosure of CVE‑2022‑30170—a vulnerability in the Windows Credential Roaming Service that enables elevation of privilege—has sent ripples throughout the Windows community. The flaw, which can be exploited to escalate user rights, now specifically affects Windows Server 2022, 23H2...
Credential Roaming allows organizations to use Active Directory Domain Services (AD DS) to roam a user’s certificates and private keys to any machine the user logs onto with their domain account. For more information about this feature visit...
Fixes an issue in which AD DS database size increases significantly after you enable the Credential Roaming feature in a domain. Additionally, you may experience issues such as LDAP query delays and replication delays.