How to Disable Credential Guard on Windows 11 [4 Ways]

Looking to disable the Windows Defender Credential Guard on Windows 11? You’re not alone. While it enhances security, this feature can block access to apps like VMware. Here’s what you need to know to disable it effectively.

How do I disable the Windows Defender Credential Guard on Windows 11?

Before trying advanced solutions try the following: disconnect remote connections, and close background apps. If these don’t work, keep reading.

1. Disable via Group Policy

1. Press Windows + R key to open the Run dialog box, type gpedit.msc in the text space, and click OK to open the Group Policy Editor.
2. Navigate to the following location: Computer Configuration\Administrative Templates\System\Device Guard
3. Click on Device Guard and double-click the Turn on Virtualization Based Security policy option.
4. Then, click the Disabled or the Not Configured option and the OK button to save the changes.
5. Exit and restart your PC to effect the change you made.

Selecting the disabled option or Not configured will stop the activities of Windows Defender Credentials Guard on your Windows 11. Also, you can check the fixes for missing gpedit on Windows 11 if you cannot find it.

2. Disable via Registry Keys

1. Left-click the Start button, type Regedit in the search box, and select Registry Editor.
2. Navigate to the following keys and set their values to 0 to disable the virtualization-based security: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaCfgFlags HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags
3. Restart your computer.

Note that you must set the registry settings to 0 to disable virtualization-based security.

3. Disable via UEFI Lock

1. Left-click the Start button, type comm in the search space, and select Run as Administrator.
2. Click Yes when the User Account Control window appears.
3. Run the following command and click ENTER: bcdedit
4. Then copy and paste the following commands in the Command Prompt:

mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
mountvol X: /d

Before the booting process completes, confirm the prompt notifying you that UEFI was modified. Also, ensure the prompt will implement the changes you made.

4. Disable Virtualization-Based Security

1. Left-click the Start button, type comm in the search space, and select Run as Administrator.
2. Click Yes when the User Account Control window appears.
3. Run the following command and click ENTER: bcdedit
4. Then copy and paste the following commands and press ENTER: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS bcdedit /set vsmlaunchtype off
5. Finally, restart your PC to implement the changes.

The Windows Defender Credential Guard is dependent on VBS (Virtualization-Based Security). Hence, disabling the Virtual-Based Security will automatically disable the Credential Guard on your Windows device.

Ensure to follow the steps strictly to avoid complicating your PC further.

Nonetheless, check our article about disabling Windows Defender Credential Guard on Windows 10 for more details.

Kindly tell us which solutions worked for you in the comments section. For further queries, leave them, and we will get back to you.