PENDING SCCM Remote Control not working after enabling Credential Guard

Fiza

New Member
3
0
1
Hi All,
As per our organization's security recommendations I had to enable credential guard across all the systems. For that I tested on few machines running on windows 10 version 21H1. I made the below changes in BIOS:
1. Enabled Virtualization
2. TPM 2.0( was already enabled)
3. Enabled Secure boot
Also I enabled windows Hyper-V platform ( not the management tools) because these are the pre requisites for credential guard. After doing the changes, GPO for credential guard was applied and it worked fine. But then I could not take remote session of other systems from SCCM. It showed access denied error. Below is the CmRcService log:

<![LOG[The viewer is a member of the Local Administrators group who are allowed to use Remote control
<![LOG[The user(domain\username) is not authorized for Remote Control
<![LOG[Session denied: The remote user is not authorized to perform remote control on this system.
<![LOG[Disconnecting the connection.

The remote control worked fine after reverting the changes. Please help me to get this issue sorted out as credential guard has to be implemented across all the systems.
 
OP
F

Fiza

New Member
3
0
1
The GPO settings are under Computer Configuration -> Administrative Templates -> System -> Device Guard.
Turn on Virtualization Based Security - enabled. The settings under virtualization based security are attached as screenshots.
 

Attachments

  • Credential guard GPO.PNG
    Credential guard GPO.PNG
    35.4 KB · Views: 0

Forum statistics

Threads
4,514
Messages
17,668
Members
9,104
Latest member
KoreBreach