Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, April 3, 2017 2:50 PM
Can I still implement Credential Guard on machines without a TPM chip?
I can't seem to find much on this, other then vague references that TPM is optional.
I realize it wouldn't be as secure, just want to know if it is possible and how it works / what requirements are there.
thanks
Tony
All replies (1)
Tuesday, April 4, 2017 2:28 AM
Hi Tony,
It's highly recommended.
Trusted Platform Module (TPM) is a motherboard chip that stores Credential Guard encryption keys. If you don’t have a TPM installed, Credential Guard will still be enabled, but the keys used to encrypt Credential Guard will not be protected by the TPM. Without a TPM enabled and ready for use, Credential Guard keys are stored in a less secure method using software.
Here is how to deploy the Credential Guard:
Protect derived domain credentials with Credential Guard
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/credential-guard
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].