From bce245227f01c72753fee2a4a32cd5fca15c0394 Mon Sep 17 00:00:00 2001 From: John Tobin Date: Wed, 26 Apr 2017 16:06:02 -0700 Subject: [PATCH 1/4] Add new topic:Credential Guard Known Issues --- windows/access-protection/TOC.md | 2 +- .../credential-guard-known-issues.md | 34 +++++++++++++++++++ .../credential-guard-manage.md | 3 +- 3 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 windows/access-protection/credential-guard/credential-guard-known-issues.md diff --git a/windows/access-protection/TOC.md b/windows/access-protection/TOC.md index 47adc1005f..57dc050f50 100644 --- a/windows/access-protection/TOC.md +++ b/windows/access-protection/TOC.md @@ -24,7 +24,7 @@ ### [Credential Guard protection limits](credential-guard/credential-guard-protection-limits.md) ### [Considerations when using Credential Guard](credential-guard/credential-guard-considerations.md) ### [Credential Guard: Additional mitigations](credential-guard/additional-mitigations.md) - +### [Credential Guard: Known issues](credential-manager-known-issues.md) ## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) diff --git a/windows/access-protection/credential-guard/credential-guard-known-issues.md b/windows/access-protection/credential-guard/credential-guard-known-issues.md new file mode 100644 index 0000000000..5499b6cfdd --- /dev/null +++ b/windows/access-protection/credential-guard/credential-guard-known-issues.md 
@@ -0,0 +1,34 @@ +--- +title: Credential Guard Known issues (Windows 10) +description: Credential Guard - Known issues in Windows 10 Enterprise +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +--- + +# Credential Guard: Known issues + +**Applies to** +- Windows 10 +- Windows Server 2016 + +Credential Guard has certain requirements for applications. Credential Guard blocks specific authentication capabilities. Therefore applications that require such capabilities will not function when Credential Guard is enabled. For further information, see [Application requirements](https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). + +The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017: + +• KB4015217: [Credential Guard generates double bad password count on Active Directory domain-joined Windows 10 machines](https://support.microsoft.com/en-us/help/4015217/windows-10-update-kb4015217) + +This issue can potentially lead to unexpected account lockouts. +See also Knowledge Base articles [KB4015219](https://support.microsoft.com/en-us/help/4015219/windows-10-update-kb4015219) and +[KB4015221](https://support.microsoft.com/en-us/help/4015221/windows-10-update-kb4015221). + +In addition, products that connect to Virtualization Based Security (VBS) protected processes can cause Credential Guard-enabled Windows 10 clients to exhibit high CPU utilization. 
For further information, see the following Knowledge Base articles: + +• KB88869: [Windows 10 machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Credential Guard is enabled](https://kc.mcafee.com/corporate/index?page=content&id=KB88869) + +• [Installing AppSense Environment Manager on Windows 10 machines causes LsaIso.exe to exhibit high CPU usage when Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) * + + *Registration required to access this article. diff --git a/windows/access-protection/credential-guard/credential-guard-manage.md b/windows/access-protection/credential-guard/credential-guard-manage.md index 44be2404c6..9396f2dd47 100644 --- a/windows/access-protection/credential-guard/credential-guard-manage.md +++ b/windows/access-protection/credential-guard/credential-guard-manage.md @@ -15,8 +15,7 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 -Prefer video? See [Protecting privileged users with Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=JNbjYMJyC_8104300474) -in the Deep Dive into Credential Guard video series. +Prefer video? See [Credential Guard Deployment](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) in the Deep Dive into Credential Guard video series. ## Enable Credential Guard Credential Guard can be enabled either by using [Group Policy](#enable-credential-guard-by-using-group-policy), the [registry](#enable-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool). Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. From d34ac0bef086ea31977651c7a4dde455dc93b4ff Mon Sep 17 00:00:00 2001 
From: John Tobin Date: Wed, 26 Apr 2017 16:41:19 -0700 Subject: [PATCH 2/4] Fix TOC file name discrepancy --- windows/access-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/access-protection/TOC.md b/windows/access-protection/TOC.md index 57dc050f50..4691b7553c 100644 --- a/windows/access-protection/TOC.md +++ b/windows/access-protection/TOC.md @@ -24,7 +24,7 @@ ### [Credential Guard protection limits](credential-guard/credential-guard-protection-limits.md) ### [Considerations when using Credential Guard](credential-guard/credential-guard-considerations.md) ### [Credential Guard: Additional mitigations](credential-guard/additional-mitigations.md) -### [Credential Guard: Known issues](credential-manager-known-issues.md) +### [Credential Guard: Known issues](credential-guard-known-issues.md) ## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) From 7bbd6813fbf51144f1f2d4403d07727efe853cc1 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 26 Apr 2017 16:50:45 -0700 Subject: [PATCH 3/4] Update TOC.md --- windows/access-protection/TOC.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/access-protection/TOC.md b/windows/access-protection/TOC.md index 4691b7553c..a07a391e84 100644 --- a/windows/access-protection/TOC.md +++ b/windows/access-protection/TOC.md @@ -1,4 +1,4 @@ -# [Access protection](access-control/access-control.md) +credential-guard# [Access protection](access-control/access-control.md) ## [Access Control Overview](access-control/access-control.md) ### [Dynamic Access Control Overview](access-control/dynamic-access-control.md) 
@@ -24,7 +24,7 @@ ### [Credential Guard protection limits](credential-guard/credential-guard-protection-limits.md) ### [Considerations when using Credential Guard](credential-guard/credential-guard-considerations.md) ### [Credential Guard: Additional mitigations](credential-guard/additional-mitigations.md) -### [Credential Guard: Known issues](credential-guard-known-issues.md) +### [Credential Guard: Known issues](credential-guard/credential-guard-known-issues.md) ## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) From 79ae15f447c16e1285f50386ad0e43beb7e1bef2 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 26 Apr 2017 17:02:44 -0700 Subject: [PATCH 4/4] Update TOC.md --- windows/access-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/access-protection/TOC.md b/windows/access-protection/TOC.md index a07a391e84..16b848c11f 100644 --- a/windows/access-protection/TOC.md +++ b/windows/access-protection/TOC.md @@ -1,4 +1,4 @@ -credential-guard# [Access protection](access-control/access-control.md) +# [Access protection](access-control/access-control.md) ## [Access Control Overview](access-control/access-control.md) ### [Dynamic Access Control Overview](access-control/dynamic-access-control.md)
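
Review bot: The TOC entry added in PATCH 1/4 links to `credential-manager-known-issues.md`, but the file this patch creates is `credential-guard/credential-guard-known-issues.md`. The target has the wrong base name ("manager" instead of "guard") and lacks the `credential-guard/` directory prefix that the three neighbouring Credential Guard entries use. Suggest `### [Credential Guard: Known issues](credential-guard/credential-guard-known-issues.md)` so the link is correct in the same commit that adds the topic.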
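
Review bot: In the new credential-guard-known-issues.md (PATCH 1/4), the KB4015217, KB88869 and AppSense items start with a literal `•` character rather than Markdown list syntax, so they will render as plain paragraphs, unlike the `-` items under **Applies to** in the same file. Suggest `- KB4015217: [...]` and the same for the other two entries. The registration footnote relies on a bare `*` after the AppSense link and again before "Registration required"; escaping both as `\*` keeps them from being parsed as emphasis markup. The front-matter title "Credential Guard Known issues (Windows 10)" also mixes capitalisation with the "Credential Guard: Known issues" heading and would read better matching it.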
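
Review bot: The credential-guard-manage.md hunk in PATCH 1/4 is unrelated to the commit subject ("Add new topic:Credential Guard Known Issues"): it swaps the "Prefer video?" link text from "Protecting privileged users with Credential Guard" to "Credential Guard Deployment" and changes the `l=` parameter in the URL. Suggest moving it to its own commit, or at least mentioning it in the commit message, and confirming the new `l=sRcyvLJyC_3304300474` target is the intended video for the manage page.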
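
Review bot: The replacement line in PATCH 2/4 fixes the base name to `credential-guard-known-issues.md` but still omits the `credential-guard/` directory, while the three context entries directly above it all use `credential-guard/...` paths and the new file lives under windows/access-protection/credential-guard/. The TOC link therefore still points at a file that does not exist next to TOC.md. Suggest `(credential-guard/credential-guard-known-issues.md)` here so that a further follow-up fix is not needed.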
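
Review bot: The first hunk of PATCH 3/4 turns line 1 of TOC.md into `credential-guard# [Access protection](access-control/access-control.md)`. The leading `credential-guard` looks like a stray paste, and because the line no longer begins with `#` it will not render as the top-level heading. Drop this hunk and keep only the second hunk, which correctly adds the `credential-guard/` prefix to the Known issues link. The subject "Update TOC.md" could also state what is being fixed, for example the Known issues link path.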
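
Review bot: PATCH 4/4 only removes the `credential-guard` prefix that PATCH 3/4 added to line 1 of TOC.md, so the two changes cancel out, and its subject "Update TOC.md" gives no hint of that. Suggest squashing 2/4 through 4/4 into 1/4 so the series lands as one commit with the correct TOC entry and no intermediate revisions where the heading or the Known issues link is broken.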