"Credential Guard & Key Guard" process still running even after disabling Credential-Guard via GPO

SimonS20121 6 Reputation points

Hello, is anyone here familiar with the workings of credential guard?

We're currently testing this feature internally and preparing to roll it out to our entire userbase.

Last thing I've tested is activating the EFI-lock and then disabling credential guarding entirely again on a client device.

And what I've found is that the process "Credential Guard & Key guard" (LsaIso.exe) is still running after you disable credential guard entirely.
When you check "System information", the registry etc. etc. then all the values indicate that credential guard is turned off, yet this process is still running when you start up your PC.

I have no idea if it does anything or whether the feature is, in fact, still active.

Does anyone know why this process still runs even after disabling credential guard and how I could 'actually' test whether credential guard is still active? I don't know a certain appliation that I could install, that would get blocked, for example. And the settings indicate that it's not running, but that's not enough, if we want to roll it out for everyone.

I need to make sure that if we have to turn it off that there are no issues with that.

Thanks for the help!

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,967 questions
0 comments No comments
{count} vote