GPO tool

Group Policy made searchable

A free ADMX browser or comparison tool for IT administrators. Search policies, find registry keys, and see exactly what each setting writes to the Windows Registry. Or compare two GPO backups to see exactly what has changed between them.

Select a product
  • Select a category.

Do not allow WebAuthn redirection

This policy setting lets you control the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g., Windows Hello for Business, security key, or other).

By default, Remote Desktop allows redirection of WebAuthn requests.

If you enable this policy setting, users can't use their local authenticator inside the Remote Desktop session.

If you disable or do not configure this policy setting, users can use local authenticators inside the Remote Desktop session.

Registry Information

VendorMicrosoft
ProductTerminal Server
CategoryRemote Desktop Services › Remote Desktop Session Host › Device and Resource Redirection
Applies toComputer Configuration
Supported onWindows 10 0 20H1
Registry Key[HKLM]SOFTWAREPoliciesMicrosoftWindows NTTerminal Services
Value NamefDisableWebAuthn
TypeREG_DWORD
Enabled value1
Disabled value0

Registry File (.reg)

Windows Registry Editor Version 5.00

; Enable the policy
[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTTerminal Services]
"fDisableWebAuthn"=dword:00000001

; Disable the policy
[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTTerminal Services]
"fDisableWebAuthn"=dword:00000000

PowerShell

# Enable the policy
Set-ItemProperty -Path "HKLM:SOFTWAREPoliciesMicrosoftWindows NTTerminal Services" -Name "fDisableWebAuthn" -Value 1 -Type DWord

# Disable the policy
Set-ItemProperty -Path "HKLM:SOFTWAREPoliciesMicrosoftWindows NTTerminal Services" -Name "fDisableWebAuthn" -Value 0 -Type DWord