This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
After upgrading to Windows 11 2022H2, RDP always prompts for credentials and Edge Dev doesn't autofill credentials. According to this, Windows 11 H2 enables Windows Defender Credential Guard. I tried to follow the steps to disable it in the Group Policy Editor (it was set to Not Configured) and rebooted, but it doesn't help. How to resolve this scourge?
BTW, shouldn't we enable such features by default and leaving users to figure out to restore the old behavior for hours, instead of asking on install?
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
I've found you also need to set the key in the current control set :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Create a new DWORD LsaCfgFlags and set it to 0
Copy the following into a .reg file to do both
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard]
"LsaCfgFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LsaCfgFlags"=dword:00000000
You will need to reboot for it to take effect.
It looks like I found a solution. As mentioned in the article, create the following DWORD registry key and set it to 0:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags
I didn't have it, so I had to create it. Reboot. RDC will still prompt you the first time you remote in, but it will remember credentials after that.
Roll back such as a massive update? I'm sure that the next auto update will have that "feature", so I'd like to know how to disable it given that both Credential Guard and Remote Credential Guard seem not to be enabled and yet I'm asked to fill in credentials. My laptop is not joined to a domain, BTW.
It looks like I found a solution. As mentioned in the article, create the following DWORD registry key and set it to 0:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags
I didn't have it, so I had to create it. Reboot. RDC will still prompt you the first time you remote in, but it will remember credentials after that.
This is the way.
Thank you so very much.
Yes, there is:
https://windowsreport.com/disable-windows-defender-credential-guard-windows-11/
says GPE->Computer Configuration\Administrative Templates\System\Device Guard
**Configure **Turn on Virtualization Based Security policy option
as disabled.
