Microsoft has released a Device Guard and Credential Guard Hardware Readiness Tool that allows customers to enable Device Guard or Credential Guard and to check whether their Windows 11/10 or Windows Server hardware is ready for it.
Device Guard is a group of key features designed to harden a computer system against malware. Its focus is preventing malicious code from running by ensuring that only known good code can run.
Credential Guard is a specific feature, not part of Device Guard, that aims to isolate and harden key system and user secrets against compromise. It helps minimize the impact and breadth of a Pass-the-Hash-style attack in the event that malicious code is already running via a local or network-based vector.
The two are different but complementary, as they offer different protections against different types of threats. Let's dive in and take a logical approach to understanding each. It's worth noting here that these are enterprise features, and as such are included only in the Windows Enterprise client.
Device Guard is firmware that will not let unauthenticated, unsigned, or unauthorized programs, or operating systems, load. It is a combination of hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications.
Credential Guard is one of the main security features available with Windows 11/10. It protects domain credentials against hacking, thereby preventing hackers from taking over enterprise networks. Along with features like Device Guard and Secure Boot, Windows 11/10 is more secure than any previous Windows operating system.
Device Guard and Credential Guard Hardware Readiness Tool
This tool is a Windows PowerShell script and needs to run with elevated permissions.
It can be used in the following ways:
- Check the status of Device Guard or Credential Guard on the system
- Check if the hardware can run Device Guard or Credential Guard and is compatible with the Hardware Lab Kit tests
- Enable and disable Device Guard or Credential Guard
- Integrate with System Center Configuration Manager
- Use an embedded ConfigCI policy in audit mode
You can download it from Microsoft.
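For the first use listed above (checking status), the same information can be read directly from Windows. The following is an added example, not code from Microsoft's readiness tool: it queries the `Win32_DeviceGuard` CIM class and decodes the numeric values it returns. The function name `Get-GuardStatus` is hypothetical, and the value tables reflect Microsoft's documentation for that class; newer builds may report additional codes, which are shown as "Unknown".

```powershell
# Added example: decode Device Guard / Credential Guard status from the
# Win32_DeviceGuard CIM class. Run from an elevated PowerShell prompt.
function Get-GuardStatus {   # hypothetical helper name, not part of the Microsoft tool
    [CmdletBinding()]
    param()

    # Value meanings follow Microsoft's Win32_DeviceGuard documentation.
    $vbsStates = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
    $services  = @{ 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)' }
    $hwProps   = @{
        1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
        4 = 'Secure memory overwrite'; 5 = 'NX protections'
        6 = 'SMM mitigations'; 7 = 'MBEC/GMET'; 8 = 'APIC virtualization'
    }

    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard -ErrorAction Stop
    } catch {
        # The class is absent on editions or builds without these features.
        Write-Warning "Win32_DeviceGuard is not available: $($_.Exception.Message)"
        return
    }

    # Map numeric codes to names; 0 means "none", unknown codes are kept visible.
    $decode = {
        param($map, $values)
        @($values | Where-Object { $_ -ne 0 } | ForEach-Object {
            if ($map.ContainsKey([int]$_)) { $map[[int]$_] } else { "Unknown ($_)" }
        })
    }

    $running = & $decode $services $dg.SecurityServicesRunning
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        VbsStatus          = $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured = (& $decode $services $dg.SecurityServicesConfigured) -join ', '
        ServicesRunning    = $running -join ', '
        CredentialGuardOn  = $running -contains 'Credential Guard'
        AvailableHardware  = (& $decode $hwProps $dg.AvailableSecurityProperties) -join ', '
        RequiredHardware   = (& $decode $hwProps $dg.RequiredSecurityProperties) -join ', '
    }
}

Get-GuardStatus | Format-List
```

A service that appears under `ServicesConfigured` but not under `ServicesRunning` usually means a required hardware property is missing or a reboot is pending, so compare `RequiredHardware` against `AvailableHardware` first.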