FIX: VMware is not incompatible with Credential Guard
3 min. read
Updated on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
A common error with VMware workstations is when you try to power on the virtual machine on a Windows 10 device though you are greeted with the dreaded Blue Screen of Death when Credential Guard or Device Guard is enabled.
This no doubt makes for a frustrating scenario though the good thing here is that the issue can be remedied easily and effectively. And the easiest and most obvious solution here is to disable Windows Defender Credential Guard.
What to do if VMware is not compatible with Credential Guard
1. Turn of Windows Defender Credential Guard using Group Policy
- Launch Group Policy Management Console. Just type Group Policy in the Cortana search box and select Group Policy editor from the search result.
- In the Group Policy Editor window, select Computer Configuration > Administrative Templates > System > Device Guard from the options on the left.
- You will get to see the Turn On Virtualization Based Security option on the right panel. Double click on it.
- This will launch the Turn On Virtualization Based Security
- Click on the Disable option to disable the setting.
- Click on Apply > OK.
- Close the Group Policy window as well.
2. Delete Registry setting
- Open Registry Editor. (Type regedit in the Cortana search box.)
- Delete the following registry settings.
HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsDeviceGuardEnableVirtualizationBasedSecurity
HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsDeviceGuardRequirePlatformSecurityFeatures
The usual precautions to be adopted when tinkering with Registry settings are applicable here. It is strongly recommended to back up the Registry before making any changes to it.
3. Delete the Windows Defender Credential Guard EFI variables using bcdedit
- It is an easy process where you just have to type the following commands from an elevated command prompt and press Enter.
- mountvol X: /s
- copy %WINDIR%System32SecConfig.efi X:EFIMicrosoftBootSecConfig.efi /Y
- bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d “DebugTool” /application osloader
- bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path “EFIMicrosoftBootSecConfig.efi”
- bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
- bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
- bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
- mountvol X: /d
- Restart the PC.
- There will be a prompt where you will be asked to confirm to disable Windows Defender Credential Guard. Consent to it.
4. Disable Hyper-V
- You are also likely to get the VMware not compatible with Credential Guard error when Hyper-V is enabled.
- To disable Hyper-V, use the following command:
- bcdedit /set hypervisorlaunchtype off
- Restart your PC for the command to take effect.
- Also, just in case you need to start Hyper-V again, use the following command.
- bcdedit /set hypervisorlaunchtype auto
- Again, restart the PC.
The above steps should sort things out when VMware is found incompatible with Credential guard.
You will also get more info on this on Microsoft’s official webpage.
Meanwhile, here are some related posts you might want to browse:
User forum
0 messages