Access Credential Manager as a trusted caller

This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities.

Policy path: 

Computer Configuration\Windows Settings\Local Policies\User Rights Assignment

Comments: 

Logoff required

Supported on: 

At least Windows Vista, Windows Server 2008

Registry settings: 

User Rights security settings are not registry keys

Reboot required: 

No