How to Verify if Credential Guard is Enabled or Disabled in Windows 10
Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-the-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.
Credential Guard offers the following features and solutions:
- Hardware security: Credential Guard increases the security of derived domain credentials by taking advantage of platform security features, including Secure Boot and virtualization.
- Virtualization-based security: Windows services that manage derived domain credentials and other secrets run in a protected environment that is isolated from the running operating system.
- Better protection against advanced persistent threats: Securing derived domain credentials using virtualization-based security blocks the credential theft attack techniques and tools used in many targeted attacks. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques, and you should also incorporate Device Guard and other security strategies and architectures.
- Manageability: You can manage Credential Guard by using Group Policy, WMI, a command prompt, and Windows PowerShell.
Credential Guard references (recommended reading):
- Protect derived domain credentials with Windows Defender Credential Guard | Microsoft Docs
- How Windows Defender Credential Guard works | Microsoft Docs
- Manage Windows Defender Credential Guard | Microsoft Docs
- Windows Defender Credential Guard protection limits | Microsoft Docs
- Considerations when using Windows Defender Credential Guard | Microsoft Docs
- Windows Credential Guard: Additional mitigations | Microsoft Docs
- Windows Defender Credential Guard: Known issues | Microsoft Docs
- Windows Defender Credential Guard hardware requirements | Microsoft Docs
- Windows 10 Device Guard and Credential Guard Demystified
This tutorial will show you how to verify if Credential Guard virtualization-based security is enabled or disabled on your Windows 10 Enterprise or Windows 10 Education PC.
Here's How:
1 Press the Win + R keys to open Run, type msinfo32 into Run, and click/tap on OK to open System Information.
2 If enabled, Credential Guard should be shown next to Virtualization-based security Services Configured, which is displayed at the bottom of the System Summary section.
That's it,
Shawn
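The same check can be scripted through WMI, which the manageability note above mentions. This is an added example, not part of the original tutorial: it reads the `Win32_DeviceGuard` class and reports whether Credential Guard is configured and whether it is actually running, since the two can differ. The function name `Get-CredentialGuardStatus` and the output property names are assumptions chosen for this example.

```powershell
# Added example (not from the original tutorial).
# Reads the documented Win32_DeviceGuard WMI class on the local machine.
function Get-CredentialGuardStatus {
    [CmdletBinding()]
    param()

    # Documented values of VirtualizationBasedSecurityStatus
    $vbsStates = @{
        0 = 'Not enabled'
        1 = 'Enabled but not running'
        2 = 'Enabled and running'
    }
    # Documented values in SecurityServicesConfigured / SecurityServicesRunning
    $serviceNames = @{
        1 = 'Credential Guard'
        2 = 'Hypervisor-enforced Code Integrity'
    }

    try {
        $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
            -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction Stop
    }
    catch {
        # Namespace is absent on editions/builds without Device Guard support
        Write-Warning "Win32_DeviceGuard is not available: $($_.Exception.Message)"
        return
    }

    # Translate numeric service ids to names; keep unknown ids as numbers
    $toNames = {
        param($ids)
        foreach ($id in $ids) {
            if ($id -eq 0) { continue }           # 0 means "no service"
            if ($serviceNames.ContainsKey([int]$id)) { $serviceNames[[int]$id] }
            else { "Service id $id" }
        }
    }

    [pscustomobject]@{
        VbsStatus                 = $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus]
        CredentialGuardConfigured = $dg.SecurityServicesConfigured -contains 1
        CredentialGuardRunning    = $dg.SecurityServicesRunning -contains 1
        ServicesConfigured        = @(& $toNames $dg.SecurityServicesConfigured) -join ', '
        ServicesRunning           = @(& $toNames $dg.SecurityServicesRunning) -join ', '
    }
}

Get-CredentialGuardStatus | Format-List
```

Run it from an elevated PowerShell session. `CredentialGuardConfigured` corresponds to the "Services Configured" line in System Information, while `CredentialGuardRunning` shows whether the protection is active on the current boot.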
Related Tutorials
- How to Enable or Disable Credential Guard in Windows 10
- How to Verify if Device Guard is Enabled or Disabled in Windows 10