How to Suppress the Native Credential Prompt on Windows 10/11 Machines for Attended Robot's Desktop In DesktopOverview If the Attended Robot’s Desktop in Desktop feature prompts end-users to enter credentials unexpectedly on Windows 10 or Windows 11, it may be due to the system's security mechanisms such as Credential Guard. This document outlines a series of steps to help you suppress the native credential prompt. Note: Turning off the Credential Guard must be aligned with your organization’s security policies. Please consult your IT/Security teams and obtain the necessary approvals before proceeding with the following. Troubleshooting Steps Step 1: Verify if Credential Guard is Enabled To determine whether Credential Guard is currently active, you can use one of the following methods: Method 1: Using System Information Press Start, type msinfo32.exe, and hit Enter to open System Information.Select System Summary.Look for the entry "Virtualization-based Security Services Running".If Credential Guard is listed, it is currently enabled. Method 2: Using PowerShell Open an elevated PowerShell session (run PowerShell as Administrator).Execute the following command: (Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard).SecurityServicesRunning 3. Interpret the output as: - 0: Credential Guard is disabled (not running) - 1: Credential Guard is enabled (running) Step 2: Turn off Credential Guard (If turned on) There are several methods to turn off the Credential Guard, depending on how it is configured on the device. Option 1: Turn off the Credential Guard via Group Policy Open Local Group Policy Editor (gpedit.msc).2. Navigate to: Computer Configuration → Administrative Templates → System → Device Guard3. Set 'Turn On Virtualization Based Security' to Disabled.4. Reboot the system to apply changes. Note: For domain-joined devices, apply this setting via Group Policy Object (GPO) in Active Directory. Option 2: Turn off the Credential Guard via Registry Settings 1. Open Registry Editor (regedit). 2. Set the following values: Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Name: LsaCfgFlags Type: REG_DWORD Value: 0 Path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard Name: LsaCfgFlags Type: REG_DWORD Value: 0 Note: Deleting these keys alone may not turn off the Credential Guard — they must be explicitly set to 0. 3. Reboot the system to apply changes. Option 3: Turn off the Credential Guard with UEFI Lock If Credential Guard is enabled with UEFI Lock, follow these additional steps. This requires physical presence at the device during boot. 1. Perform the previous steps to turn off the Credential Guard (via Group Policy or Registry). 2. Run the following commands in an elevated Command Prompt: mountvol X: /s copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: 3. Restart the system. During boot, a prompt will appear indicating UEFI modifications. Confirm the change to apply it. Additional Notes In enterprise environments, Credential Guard may be enforced by corporate policies. End users may require IT administrator rights to turn it off. Always ensure changes are approved by relevant security stakeholders before proceeding. If the Issue Persists Please contact your IT Administrator to verify if any security policies are preventing the deactivation of Credential Guard.