Forum Discussion

The_Other_Josh's avatar
4 years ago

Use of CredentialGuard

Is anyone using or planning on using CredentialGuard?  We enabled it in the spring and ran into problems if the WMI user (via properties) wasn't the same as the service account.

After a lot of work with support to identify the source of the problem, the final response was that it's an unsupported configuration.  "This doesn't mean you cannot use Credential Guard, simply that it hasn't been officially tested and verified and any performance related issues cannot be remedied via support -- per the support team"

The specific use of different accounts wasn't an issue for us; it was a legacy of the early installation. However, I am concerned that there are no plans to include a credential guard configuration in their release testing.  I expect in MOST cases it works seamlessly and that's why they haven't heard from customers.


Background on the issue:

The underlying issue appeared to be in sbproxy; powershell scripts would work fine but 'native' WMI not.  It appeared to be something related to queueing; slowly enabling instances wouldn't trigger the problem, but if you enabled many instances at once it would permanently get backed up.  It's been a few months so the details might not be completely accurate.