How-To

How to Turn Off Credential Guard on Windows 11

Published

Credential Guard on Windows 11 protects hackers from grabbing your system credentials. If you ever need to disable it, however, follow this guide.

Windows Defender Credential Guard, or Credential Guard for short, is available on Windows 11 Enterprise, Education, and Server editions. This is a security feature that protects against hacking domain credentials. It also secures authentication credentials (passwords) against unauthorized access.

Credential Guard with secure boot helps protect passwords and other sensitive credentials from malicious actors. You may want to turn off Credential Guard if it interferes with other services or protocols, however.

To disable Credential Guard on Windows 11, follow these steps.

What is Credential Guard?

The Credential Guard security feature helps protect access to passwords and other sensitive credentials from unauthorized access. It is tied to the Local Security Authority Server Service to authenticate credentials. In addition, the LASASS service handles security features such as Encrypting File System (EFS), CGN Key Isolation (Keylso), and Security Accounts Manager (SamSs).

Even if a malicious actor was to gain access to your PC, Credential Guard makes it harder for them to access sensitive content. It isolates credentials in a secure environment inaccessible to apps and Windows, offering a simple way to secure passwords and sensitive credentials on your Windows 11 PC.

To use Credential Guard, your system needs to meet specific requirements. For example, you need a 64-bit CPU for virtualization-based security and Secure Boot. In addition, you need TPM 1.2 or 2.0 (required to run Windows 11) and UEFI lock.

Also, it’s important to note that a system running Windows 11 Pro may have Credential Guard if it was downgraded from Enterprise to the Pro version. However, those instances are rare, and if you’re not running the Enterprise, Education, and or compatible Server editions, it’s not a compatible system component.

How to Enable Credential Guard on Windows 11

You can enable Credential Guard on Windows 11 using Group Policy. The process involves more than toggling a switch, but we’ll show you everything you need to know.

To enable and configure Credential Guard on Windows 11:

  1. Press Windows key + R to launch the Run dialog window.
  2. Type gpedit.msc and click OK or press Enter.Credential Guard on Windows 11
  3. Navigate to the following location in Local Group Policy Editor:
    Computer Configuration > Administrative Templates > System > Device Guard
  4. Double-click the Turn on Virtualization Based Security policy in the right column.
  5. Select Enabled at the top.
  6. Under the Options section, set the Select Platform Security Level to Secure Boot or Secure Boot and DMA Protection.
  7. Set the Virtualization Based Protection of Code Integrity option to Not Configured from the dropdown menu.
  8. Set Credential Guard Configuration to Enabled with UEFI lock option.
  9. Keep the Secure Launch Configuration and Kernal-mode Hardware-enforced stack Protection options as Not Configured.Credential Guard on Windows 11
  10. Click Apply and OK.
  11. Restart Windows 11.

How to Disable Credential Guard on Windows 11

You might need to turn off Credential Guard on Windows 11 if it’s interfering with other services you have running. Turning it off is straightforward by using the Group Policy Editor.

To disable Credential Guard on Windows 11:

  1. Press Windows key + R to launch the Run dialog window.
  2. Type gpedit.msc and click OK.Credential Guard on Windows 11
  3. Navigate to the following location in Local Group Policy Editor:
    Computer Configuration > Administrative Templates > System > Device Guard
  4. Double-click the Turn on Virtualization Based Security policy in the right column.
  5. Set it to Not Configured or Disabled.
  6. Click Apply and OK.
  7. Restart your computer.

Staying Private and Secure on Windows 11

If you need to secure login credentials, using Credential Guard is a practical option on compatible versions of Windows. Enabling it prevents an attacker from gaining control of your entire network or workgroup. If you need to disable it or reenable it for any reason, use the above steps with Group Policy.

There are other ways to ensure your PC is secure. For example, you can configure Windows 11 Security for maximum protection, and even it will allow you to temporarily disable security to let a trusted file through. Also, if you’re concerned about privacy while using the OS, learn to disable ad-tracking on Windows 11.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

 

Related Items:, ,
To Top