Credential Guard is a feature that uses virtualization-based security to isolate certain secrets so that only privileged system software can access them. These secrets are a constant target as attacks grow more common. Unauthorized access to them enables credential theft attacks such as Pass-the-Hash or Pass-the-Ticket. This is where Credential Guard comes into play: its main function is to prevent these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.
Credential Guard offers the following features and solutions:
- Hardware security: Credential Guard increases the security of derived domain credentials by taking advantage of platform security features, including Secure Boot and virtualization.
- Virtualization-based security: Windows services that manage derived domain credentials and other secrets run in a protected environment that is isolated from the running operating system.
- Better protection against advanced persistent threats: Securing derived domain credentials with virtualization-based security blocks the credential theft attack techniques and tools used in many targeted attacks. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques, so you should also incorporate Device Guard and other security strategies and architectures.
Steps to Enable or Disable Credential Guard in Windows 10
1. Open Cortana and type Windows Features. Scroll down, check Hyper-V Hypervisor under Hyper-V, and click OK. If your version is earlier than Enterprise Build 1607, find Hyper-V Hypervisor under Hyper-V, check Isolated User Mode, and click OK.
2. Now press Windows+R to open the Run window. Now type gpedit.msc.
3. Go to the following location: Computer Configuration\Administrative Templates\System\Device Guard.
4. In the right pane of Device Guard, double-click the Turn On Virtualization Based Security policy to edit it.
5. To enable Credential Guard, select Enable; otherwise, select Disable.
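
To confirm that the policy set in the steps above actually took effect, the following added example (not part of the original article) reads the Win32_DeviceGuard CIM class and reports whether virtualization-based security and Credential Guard are running, along with the Secure Boot and hypervisor support mentioned earlier. The function name Get-CredentialGuardState is hypothetical; the CIM class and its properties do not appear in the article.

```powershell
# Added example: read-only check of Credential Guard state after applying the policy.
# Get-CredentialGuardState is a hypothetical helper name, not a built-in cmdlet.
function Get-CredentialGuardState {
    [CmdletBinding()]
    param()

    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    } catch {
        # The class is missing on systems without Device Guard support.
        Write-Warning "Win32_DeviceGuard query failed: $($_.Exception.Message)"
        return $null
    }

    # VirtualizationBasedSecurityStatus: 0, 1 or 2.
    $vbsText = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
    $vbs = [int]$dg.VirtualizationBasedSecurityStatus
    $vbsLabel = if ($vbsText.ContainsKey($vbs)) { $vbsText[$vbs] } else { "Unknown ($vbs)" }

    # In the service arrays, the value 1 identifies Credential Guard.
    $configured = @($dg.SecurityServicesConfigured) -contains 1
    $running    = @($dg.SecurityServicesRunning) -contains 1

    # In AvailableSecurityProperties, 1 = hypervisor support, 2 = Secure Boot.
    $available = @($dg.AvailableSecurityProperties)

    $verdict = if ($running) {
        'Running'
    } elseif ($configured) {
        'Configured but not running'
    } else {
        'Not configured'
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        VbsStatus           = $vbsLabel
        HypervisorSupport   = $available -contains 1
        SecureBootAvailable = $available -contains 2
        CredentialGuard     = $verdict
    }
}

Get-CredentialGuardState | Format-List
```

Run it once the machine has restarted with the policy applied. A result of "Configured but not running" means the setting was accepted but the protected service did not start, which usually points to a missing platform requirement.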