We have credential guard enabled on all servers and as Nick states this has no impact on Guacamole. Its an optin feature not a mandotary one. Servers where remote credential guard is enabled still allow regular RDP or NTLM auth based rdp. I must also add that if you connect to ALL your servers using Guac there is little to no benefit to remote credential guard. Its main benefit is when you use a jump server to jump to servers that have it enabled then credentials are not sent to the remote server. However if you connect to these servers using guac all NTLM hashes are present in memory unless you use VBS and credential guard.
From: Nick Couchman<mailto:[email protected]> Sent: woensdag 18 oktober 2023 1:24 To: [email protected]<mailto:[email protected]> Subject: Re: Windows 10 / Server 2016 -- Credential Guard? On Tue, Oct 17, 2023 at 2:32 PM Brad Turnbough <[email protected]<mailto:[email protected]>> wrote: Does Guacamole work with Hosts that have credential guard enabled? I’d imagine this has to be dependant on the freeRDP version in use, I guess. I haven’t tested this yet, but I’m interested and am thinking about implementing it in my test environment. Thoughts? The reading that I've done on Credential Guard indicates that it is more to protect credentials within the machine itself - as in, UEFI and TPM - and doesn't seem to change how users or applications interact with the system (e.g. RDP). This indicates to me that you shouldn't experience any issues with this. -Nick
