If you are browsing the Local Users and Groups console or used the command on a Windows 10 or 11 computer, you must have come across a user account named “WDAGUtilityAccount.” Since you do not recall creating such an account, where did it come from?
WDAGUtilityAccount is a system account in Windows that indicates Windows Defender Application Guard is enabled on your system. Windows includes several built-in system accounts, and WDAGUtilityAccount is one of them.
WDAGUtilityAccount was first introduced on Windows 10 and is also included in Windows 11. This means it is not a virus and should belong on your computer by default.
In this article, we discuss in detail what the WDAGUtilityAccount is and what’s its purpose.
Table of contents
Purpose of WDAGUtilityAccount
As mentioned earlier, the WDAGUtilityAccount is a built-in account present in Windows 10 and Windows 11. It was not present in Windows 8 or 7. This is a user account associated with the Windows Defender Application Guard. This account can be seen in the Command Prompt when you run the following command:
You can also see this account present amongst other user accounts in the Local Users and Groups management console (lusrmgr.msc).
The Windows Defender Application Guard doesn’t need to be enabled for you to see the WDAGUtilityAccount; it will still be present and created on your PC even if the Application Guard is disabled.
That being said, the WDAGUtilityAccount is created and managed by the system itself. When the Windows Defender Application Guard is enabled, it isolates the websites not mentioned in the whitelist using this account. The same happens when a questionable Microsoft Office file is opened.
Thus far, we have established that the WDAGUtilityAccount is a legitimate Windows account and not a virus. However, can you disable/delete it?
Is it Safe to Delete the WDAGUtilityAccount?
Like all other user accounts, you can manage some of the settings for the WDAGUtilityAccount from the Local Users and Groups snap-in. You even have the option to delete it. But before you try to delete it, there are two things to consider:
Number one: the WDAGUtilityAccount is here to protect your system from threats and malware. Therefore, deleting it would not be the wisest decision. Deleting the account would mean that the Windows Defender Application Guard could not function properly, making your computer compromised.
Number two: when you attempt to delete the user account, you won’t be able to. Instead, you will see an error message stating the following:
The following error occurred while attempting to delete the user WDAGUtilityAccount: Cannot perform this operation in built-in accounts.
This tells us that, like the built-in Administrator account, you cannot delete or remove the WDAGUtilityAccount using any traditional method. However, you can delete it from the Windows Registry.
How to Delete WDAGUtilityAccount
Before using the following steps to permanently delete the WDAGUtilityAccount, consider the reciprocations of not keeping your system safe. We do not recommend that you delete the account unless necessary.
Note: The process involves manual manipulation of the Windows registry. Misconfiguration of critical values in the system’s registry could be fatal for your operating system. Therefore, we insist that you create a system restore point before proceeding forward with the process.
You can also use our top selection of disk imaging and backup software so you never lose your data or operating system again.
Open the Registry Editor by typing in “regedit” in the Run Command box.
Paste the following into the navigation bar for quick navigation:
Right-click the SAM sub-key and click “Permissions.”
Select the “Administrators” group and then check the Full Control box under the Allow column. Then click Apply and Ok.
Now, press the F5 function key to refresh the content inside the Registry Editor.
Expand the SAM sub-key and navigate to the following location:
Now, right-click the “WDAGUtilityAccount” key and click Delete from the context menu.
If asked for confirmation, click Yes.
WDAGUtilityAccount will now be permanently deleted from your computer. Note that the Windows Defender Application Guard will no longer function properly, but you won’t physically see any errors or side effects.
Manage the WDAGUtilityAccount
Like all other accounts, you can also manage the WDAGUtilityAccount on your Windows PC. For example, you can enable it, set a password, configure it so that the user can change the password the next time they log in, etc. However, most of these options are useless.
This is because, even though you enable the account, you won’t sign into it. WDAGUtilityAccount is an account without UI. Even on the lock screen, the option to sign into the WDAGUtilityAccount is never presented, even when the account is enabled.
However, you should still know how to change the account’s settings if needed:
Open the Local Users and Groups console by typing in “lusrmgr.msc” in the Run Command box.
Note: The Local Users and Groups console is only available on the Professional, Education, and Enterprise editions of Windows. If you are running a different edition, then learn how to install the Local Users and Groups console.
Click on the group “Users” in the left pane, then right-click “WDAGUtilityAccount” and click “Properties.”
From this window, you can manage and configure the WDAGUtilityAccount.
WDAGUtilityAccount exists on your computer from day one, even if the Microsoft Defender Application Guard is disabled (default).
Learn how to enable Windows Defender Application Guard.
This article covers everything there is to know about the WDAGUtilityAccount you often see on your PC. In the end, we still advise our readers not to mess with the built-in functions of the Windows operating system as it could potentially harm its stability.