VMware

Enable Credential Guard support?

In looking for compelling reasons to upgrade my hardware compatibility of my Citrix VirtualApp VMs I discovered Credential Guard support. Has anyone done this? it looks like you need to set up a number of items on the hardware side.

I’m most interested in this on my Citrix terminal services environment as that is where i see any attacks possibly happening.

https://blogs.vmware.com/vsphere/2018/05/introducing-support-virtualization-based-security-credential-guard-vsphere-6-7.html


View Reddit by brkdncrView Source

Related Articles

2 Comments

  1. There’s nothing to set up on the hardware side really. If you want a vTPM you’re going to need a KMS but a vTPM is not required for Credential Guard according to MS documentation. (it’s addressed in the blog)

    Just follow the steps and enable VBS and you’re good to go.

    p.s. I wrote the blog

  2. We have it enabled for all of our vdis and compatible server.

    Just upgrade hardware version to at least 14 (maybe it’s 15), set up EFI Boot and enable the check. If you want to change your current vms in bios (mbr) boot you should change to uefi bootlader, there is a microsoft document for that, it’s not difficult but time consuming.

    Then the system will detect it but to be sure just enable it via gpo.

    There are some downsides, for example, you cannot use it with nvidia vgpu for example (unless the last version change it)

Leave a Reply

Close