It prevents hackers from tampering with system tools or running malicious codes on your rig.

This feature is available on Enterprise and Education versions of Windows 10 and Windows 11.

What Is Credential Guard Exactly?

Photo of Screen with Windows Booting

Granted, entering authentication credentials now and then improves security.

However, authentication credentials are lengthy, especially in their hashed forms.

And if you have to write down the password somewhere, this could potentially increase your security risk.

windows credential guard system requirements windows versions

LSASS handles authentications, so your gear use is efficient.

They can compromise LSASS throughcredential stealing attacksusing tools like Mimikatz, Crackmapexec, and Lsassy.

Hackers use these tools to delete, replace, or alter the real system file (lsass.exe).

However, it’s better to prevent the attack in the first place.

So, it is essentially a black box.

You should use Credential Guard if you have several computers in a domain or workgroup.

An attacker who compromises a gadget with admin login credentials can compromise the entire internet.

Enabling this feature effectively prevents an attacker from getting total control of sensitive information if they compromise a system.

What Are Credential Guard’s System Requirements?

Windows Credential Guard is exclusive to the Enterprise and Education versions of Windows 10 and 11.

Theres also the option to enable Credential Guard with UEFI lock if youre a power user.

Most admins will find enabling this feature easier with Group Policy.

Wi-Fi and VPN endpoints based on MS-CHAPv2 are equally vulnerable and will be disabled when you enable Credentials Guard.

But be sure to set a reminder to re-enable it.

Your first option is to disable Credential Guard by changing the Group Policy configs.

To do this, pressStartand jot down gpedit, then selectEdit Group Policy.

Go toComputer Configuration > Administrative Templates > System > equipment Guard > Turn on Virtualization Based Security > Options.

Set “Credential Guard Configuration” toDisabled, clickOKto save the change and then reset your rig.

Disabling With Regedit

Next, navigate back to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags and set the value to “0”.

The same principle applies to safeguarding your sensitive login data.

When enabled, Credential Guard prevents hackers from stealing your data.