Today, in this post, we will see how to enable or turn on Credential Guard in Windows 10 by using Group Policy. Credential Guard is one of the main security features available with Windows 10. It allows protection against hacking of domain credentials thereby preventing hackers from taking over the enterprise networks.
Enable Credential Guard
Credential Guard is available only in Windows 10 Enterprise Edition. So if you are using Pro or Education, you won’t get to see this feature on your version of Windows. Moreover, Your machine should be supporting Secure Boot and 64-bit virtualization.
To enable or turn on Credential Guard, Open Run, type gpedit.msc and hit Enter to open the Group Policy Editor.
Now navigate to the following setting:
Computer Configuration > Administrative Templates > System > Device Guard
Now, double-click Turn On Virtualization Based Security, and then select Enabled.
Next, under Options, select Platform Security Level box, choose Secure Boot or Secure Boot and DMA Protection.
In the Credential Guard Configuration box, click Enabled with UEFI lock and then OK.
If you want to turn off Credential Guard remotely, choose Enabled without lock.
Click Apply/OK and exit.
Restart your system.
You have to remember that, Credential Guard will offer protection against direct hacking attempts and malware seeking credential information. If the credential information is already stolen before you could implement Credential Guard, it won’t prevent the hackers from using the hash key on other computers in the same domain.
The Remote Credential Guard in Windows 10 protects Remote Desktop credentials.