New Windows Defender Credential Guard

KarimKarim
in Technical Discussion

Windows 11 and Server 2025 are rolling out their new Credential Guard which is a great protection in theory, but is causing quiet a lot of issues with passwords saving etc. If you use Remote Desktop and save your connection passwords, you will have now to type every time your password. For now, a registry hack or group policy edit can bypass some of it for RDP, unfortunately it will not work for our Watchguard SSLVPN App. We use a long, very long, password that is no longer saved, and we can't have our users type it every time. Has anyone found a registry hack to allow the password to be saved for the SSLVPN App, or is Watchguard planning an update? It would be greatly appreciated if anyone had some info. Our fleet of laptops using SSLVPN are suffering!!!

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Karim

    The SSLVPN doesn't specifically prevent you from filling a password (via the registry or otherwise.) If there is a restriction like that, it's coming from windows itself.

    I can certainly bring this to the development team's attention, but if it ends up being the OS blocking your password manager from doing it's job, the solution will likely need to come from either of those places.

    I'd suggest opening a support case, so that we can get more details (password manager, exact builds of windows.

    If your users have IKEv2 VPN as an option, windows does offer to remember the credentials for that in the VPN client they provide.

    -James Carson
    WatchGuard Customer Support

  • KarimKarim

    James, yes the problem comes from the new Windows Security policy which is not going to change. Windows Credential Guard is preventing the password to be filled in into the Watchguard SSLVPN application even with the registry hack which I already tried. One way or the other, in the future anyway, we do not want to disable the Credential Guard. I am also using other VPN applications like ExpressVPN which do not suffer this limitation, which is why I asked if maybe in the future, Watchguard will look into it, as again typing 20 characters long passwords every time we need to connect, or reconnect after a disconnection, is really not feasible long term. I believe it would be a good idea to bring this issue to your development team as this will not go away, and on the contrary will become necessary.

    Windows 11 PRO, version 23h2, OS build 22631.3810. That is the latest Windows 11 update.

    Thank you.

  • KarimKarim

    Hey guys, I feel a bit stupid as I found out in the setting of the SSL VPN a check mark that allows the VPN users to save the password or not. Yup... sometimes we just forget or don't see what is under our noses. Anyway, thank you for your support. Always very much appreciated.

Sign In to comment.