Credential Guard is one of the main security features in Windows 10. This post shows 2 ways to disable Credential Guard. In addition, you can visit MiniTool to look for more Windows solutions and tips.
What Is Credential Guard?
Credential Guard is a virtualization-based isolation technology for Local Security Authority Subsystem Service that can prevent attackers from stealing credentials. Hence, it can provide a kind of protection for your data.
The Windows Defender Credential Guard was introduced in Windows 10 Enterprise and Windows Server 2016, and Windows Server 2019. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticker Granting Tickets, and credentials stored by applications as domain credentials.
However, some users complain that the VMware may fail to work if the Windows Defender Credential Guard is running. Hence, they ask whether there is a possibility to disable Credential Guard.
Of course, you can do that. In the following section, we will show you 2 ways to disable Credential Guard Windows 10. Keep on your reading.
2 Ways to Disable Credential Guard
In this section, we will show 2 ways to disable device guard or Credential Guard.
Way 1. Disable Credential Guard Windows 10 via Group Policy
First of all, we will show you the first way to disable Credential Guard Windows 10. In this way, you can disable device guard or Credential Guard via Control Panel.
Now, here is the tutorial.
Enable Hyper-V
To disable Credential Guard, you need to enable Hyper-V first.
Step 1: Type Control Panel in the search box of Windows 10 and choose the best-matched one. Then choose Programs and Features to continue.
Step 2: In the left panel, choose Turn Windows features on or off to continue.
Step 3: In the Windows Feature window, check Hyper-V and click OK to continue.
Step 4: Then click OK to confirm the changes. After that, it may prompt you to restart your computer. So, restart the computer to continue.
After having enabled Hyper-V, you can begin to disable Credential Guard.
Disable Credential Guard
In this section, we will show you how to disable Credential Guard to continue.
Step 1: Press Windows key and R key together to open Run dialog, then type gpedit.msc in the box and click OK to continue.
Step 2: In the Local Group Policy Editor window, navigate to the following location.
Computer Configuration > Administrative Templates > System > Device Guard
Step 3: Then select Device Guard to continue.
Step 4: Then find the Turn on Virtualization Based Security on the right panel and double-click it to continue.
Step 5: Then in the pop-up window, choose Disabled to continue.
Step 6: After that, click Apply and OK to confirm the changes.
When it is finished, you have disabled Credential Guard and can work with Hyper-V as well as VMware without any issues.
Way 2. Disable Credential Guard via Registry Editor
Now, we will show you the second way to disable Credential Guard. In this way, you can disable Credential Guard via Registry Editor.
Now, here is the tutorial.
Step 1: Press Windows key and R key together to open Run dialog, then type regedit in the box and click OK to continue.
Step 2: In the Registry Editor window, navigate to the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard
Step 3: Right-click on the DeviceGuard and choose New, then choose DWORD(32-bit) Value to continue.
Step 4: Name the newly created value as the EnableVirtualizationBasedSecurity and hit Enter to continue.
Step 5: Double-click it and then change its value data to 0.
Step 6: After that, right-click the DeviceGuard again, choose New, and choose DWORD(32-bit) Value to continue.
Step 7: Name the new key as RequirePlatformSecurityFeatures to continue.
Step 8: Double-click it to change its value data to 1 to use Secure Boot only or change value data to 3 to use Secure Boot and DMA protection.
Step 9: Returning to the Registry Editor window, and then navigate to the following folder.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA
Step 10: Right-click on LSA, select New, and choose DWORD(32-bit) Value to continue.
Step 11: Name it as the LsaCfgFlags to continue.
Step 12: Double-click it to change its value data to 0.
When you have finished all steps, close the Registry Editor window and you have successfully disabled the Credential Guard.
From above information, you can know that Credential Guard can provide protection for your data. But if it is disabled, computer would be in a risky status. So, in order to better keep computer safe, you can make a system image.
Final Words
To sum up, this post has introduced 2 ways to disable Credential Guard. So, if you want to disable Windows Defender Credential Guard for a Virtual Machine, these ways can help you out.
User Comments :
Post Comment