How to disable Windows Defender credential guard in Windows 11

Disable Windows Defender Credential Guard without hassles

by Henderson Jayden Harper
Henderson Jayden Harper
Henderson Jayden Harper
Passionate about technology, Crypto, software, Windows, and everything computer-related, he spends most of his time developing new skills and learning more about the tech world. He also enjoys... read more
Reviewed by Alex Serban
Alex Serban
Alex Serban
Windows Server & Networking Expert
After moving away from the corporate work-style, Alex has found rewards in a lifestyle of constant analysis, team coordination and pestering his colleagues. Holding an MCSA Windows Server... read more
Affiliate Disclosure
  • Windows Defender Credential Guard isolates login information and personal items from your system.
  • The Credential Guard can block some other programs from running on your PC.
  • Disabling the VBS (Virtualization-Based Security) will disable other services dependent on it.
disable windows defender credential guard windows 11

Fix Windows 11 OS errors with Restoro PC Repair Tool:This software repairs common computer errors by replacing the problematic system files with the initial working versions. It also keeps you away from critical file loss, hardware failure, and repairs damages made by malware and viruses. Fix PC issues and remove viruses now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows 11 issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

Some readers want to disable Windows Defender Credential Guard on Windows 11. Microsoft introduced this security feature to the Windows 10 Enterprise in 2016. Some report that the Credential Guard needs to be disabled to run VMware on their PCs.

What is Microsoft Defender Credential Guard?

Windows Defender Credential Guard is a security feature that protects and manages users’ login credentials by isolating users’ from the rest of the system. Its central concept is to keep users’ login information out of hackers’ reach, preventing them from taking control of your PC.

After its incorporation into Windows 10 Enterprise and Windows Server 2016, Microsoft decided to include it in Windows 11. Also, the Windows Defender Credential Guard secures any domain credentials generated from your apps.

However, running some programs alongside this feature can be difficult as it blocks their authentication access.

Likewise, it doesn’t support Domain Controllers, third-party security software, Active Directory database, or any other encryption support program. Also, VMware is not compatible with Credential Guard on Windows 10.

Nevertheless, the Windows Defender Credential Guard isolates the secret credentials on your PC, keeping it protected from theft. Users can enable the Credential Guard on Windows 11 or disable it depending on their preferences and what type of programs they run on their PCs.

How do I disable the Windows Defender Credential Guard on Windows 11?

Before going through any steps for disabling Windows Defender Credential Guard, observe the following preliminary checks:

  • Disconnect any remote connection on your PC.
  • Disable third-party antivirus ruining on your computer.
  • Close background apps.

The above steps will prepare your PC for the process.

1. Disable via Group Policy

  1. Press Windows + R key to open the Run dialog box, type gpedit.msc in the text space, and click OK to open the Group Policy Editor.
  2. Navigate to the following location: Computer Configuration\Administrative Templates\System\Device Guard
  3. Click on Device Guard and double-click the Turn on Virtualization Based Security policy option.
  4. Then, click the Disabled or the Not Configured option and the OK button to save the changes.
  5. Exit and restart your PC to effect the change you made.

Expert tip:


Some PC issues are hard to tackle, especially when it comes to corrupted repositories or missing Windows files. If you are having troubles fixing an error, your system may be partially broken.
We recommend installing Restoro, a tool that will scan your machine and identify what the fault is.
Click here to download and start repairing.

Selecting the disabled option or Not configured will stop the activities of Windows Defender Credentials Guard on your Windows 11. Also, you can check the fixes for missing gpedit on Windows 11 if you cannot find it.

2. Disable via Registry Keys

  1. Left-click the Start button, type Regedit in the search box, and select Registry Editor.
  2. Navigate to the following keys and set their values to 0 to disable the virtualization-based security: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaCfgFlags HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags
  3. Restart your computer.

Note that you must set the registry settings to 0 to disable virtualization-based security.

3. Disable via UEFI Lock

  1. Left-click the Start button, type comm in the search space, and select Run as Administrator.
  2. Click Yes when the User Account Control window appears.
  3. Run the following command and click ENTER: bcdedit
  4. Then copy and paste the following commands in the Command Prompt:

mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
mountvol X: /d

Before the booting process completes, confirm the prompt notifying you that UEFI was modified. Also, ensure the prompt will implement the changes you made.

4. Disable Virtualization-Based Security

  1. Left-click the Start button, type comm in the search space, and select Run as Administrator.
  2. Click Yes when the User Account Control window appears.
  3. Run the following command and click ENTER: bcdedit
  4. Then copy and paste the following commands and press ENTER: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS bcdedit /set vsmlaunchtype off
  5. Finally, restart your PC to implement the changes.

The Windows Defender Credential Guard is dependent on VBS (Virtualization-Based Security). Hence, disabling the Virtual-Based Security will automatically disable the Credential Guard on your Windows device.

Ensure to follow the steps strictly to avoid complicating your PC further.

Nonetheless, check our article about disabling Windows Defender Credential Guard on Windows 10 for more details.

Kindly tell us which solutions worked for you in the comments section. For further queries, leave them, and we will get back to you.

Still having issues? Fix them with this tool:


If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: