How to Secure Remote Desktop with Remote Credential Guard in Windows 10

For most system administrators, Remote Desktop is one of the most used features in Windows. As good as it is, every time you select the “Make sure that you trust this PC” option, you are taking a risk of compromising your machine by revealing your remote desktop credentials. This is particularly true if the remote system is unknown to you or if it is infected in some way.

To eliminate this, Microsoft introduced the Remote Credential Guard feature. When you enable this feature, Windows can protect your credentials by properly redirecting the Kerberos requests back to the system that is requesting it. Here is how you can easily enable the Remote Credential Guard feature to secure the remote desktop in Windows 10.

Using the Windows Group Policy Editor to enable remote credential guard is one of the easiest ways. To start, search for gpedit.msc and press the Enter button.


The above action will open the Windows Group Policy Editor. Here, navigate to the location “Computer Configuration -> Administrative Templates -> System -> Credentials Delegation” in the left pane.


Find the policy “Restrict delegation of credentials to remote servers” and double-click on it.


As soon as you double-click on the policy, the policy settings window will open. Here, select the radio button “Enabled.” This action will enable new options in the Options field. Select the option “Require Remote Credential Guard” from the drop-down menu, and then click on the “OK” button to save the changes.


Once you are done, this is how it looks in the Group Policy Editor.


Just restart your system, and the settings will take effect. If you don’t want to restart, just open the Command Prompt as admin and then execute the below command to force update the group policy settings.

GPUpdate.exe /force

If you’d rather use Windows Registry Editor, then you can do that same thing by simply adding a new value. To do that, press “Win + R,” type regedit and press the Enter button.


The above action will open the Windows Registry Editor. Here, navigate to the following location on the left panel.



Once you are here, right-click on the right panel and then select then option “New -> DWORD (32-bit) Value.”


This action will create a new DWORD value. Name the new value as “DisableRestrictedAdmin” and press the enter button.


Now, double-click on the new value to open the Edit Value window. Make sure that the value data is set to “0,” and then click on the “OK” button to save the changes.


Just restart the system to make the changes take effect.

Rather than completely enabling the Remote Credential Guard, you can also enable the feature on a case-by-case basis using the Command Prompt.

To do that open the Command Prompt, and then use the below command to start a new Remote Desktop connection. As you can see, the parameter /remoteGaurd will enable the Remote Credential Guard for that connection.

mstsc.exe /remoteGuard


Do comment below sharing your thoughts and experiences about using the above methods to enable Remote Credential Guard feature in Windows.

Leave a Reply

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.