Home » Security Bloggers Network » How to use Credential Guard in Windows 10

How to use Credential Guard in Windows 10

by Greg Belding on February 10, 2020

Introduction

One of the proverbial gems in the crown of a successful attack is user credentials, and it is understandable why. Once an attacker has a compromised system’s credentials, most of the actions in furtherance of the attack can be performed without a high risk of detection.

A major vulnerability of previous Windows systems has been solved with Windows Defender Credential Guard. This article will detail how to use Credential Guard in Windows 10, including what Credential Guard is, Credential Guard prerequisites, the problem that Credential Guard solves, what Credential Guard brings to the table, how to manage Credential Guard and further considerations.

What is Credential Guard?

Windows Defender Credential Guard is a new security platform available in Windows 10. This new feature moves the information security field away from the days of questionable credential storage to the world of virtualization.

The easiest thing about using the Credential Guard feature is that once it is properly enabled, the feature will start working. Management is straightforward and simple: a few clicks into Group Policy and you’ll be up and running.

Credential Guard prerequisites

Windows 10 Enterprise, Windows Server 2016, Windows Server 2019
UEFI without CSM enabled
64-bit Windows
Secure Boot enabled
Processor with both virtualization extensions and Secondary Level Address Translation
TPM recommended (not required)
Hyper-V turned on in Windows Features

What problem does Credential Guard solve and how?

As mentioned above, there was an inherent problem with the way that credentials are stored on Windows systems before Windows 10 debuted Credential Guard (even some early Windows 10 versions). This is that Windows stores credentials in hash stores within the system’s Local Security Authority, or LSA, in memory.