deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 13:47:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update credential-guard-manage.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2020-03-23 13:26:18 -07:00
parent cd70b5b44c
commit 0f67cb9e3b
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
windows/security/identity-protection/credential-guard/credential-guard-manage.md
View File

@ -135,7 +135,7 @@ You can view System Information to check that Windows Defender Credential Guard
![System Information](images/credguard-msinfo32.png) ![System Information](images/credguard-msinfo32.png)
You can also check that Windows Defender Credential Guard is running by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). You can also check that Windows Defender Credential Guard is running by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](dg-readiness-tool.md).
``` ```
DG_Readiness_Tool_v3.6.ps1 -Ready DG_Readiness_Tool_v3.6.ps1 -Ready
@ -152,8 +152,8 @@ DG_Readiness_Tool_v3.6.ps1 -Ready
- You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: - You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for:
- **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials. - **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials.
- **Event ID 14** Windows Defender Credential Guard (LsaIso.exe) configuration: 0x1, 0 - **Event ID 14** Windows Defender Credential Guard (LsaIso.exe) configuration: 0x1, 0
- The first variable: 0x1 means Windows Defender Credential Guard is configured to run. 0x0 means its not configured to run. - The first variable: 0x1 means Windows Defender Credential Guard is configured to run. 0x0 means it's not configured to run.
- The second variable: 0 means its configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0. - The second variable: 0 means it's configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0.
- **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Windows Defender Credential Guard. - **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Windows Defender Credential Guard.
- **Event ID 16** Windows Defender Credential Guard (LsaIso.exe) failed to launch: \[error code\] - **Event ID 16** Windows Defender Credential Guard (LsaIso.exe) failed to launch: \[error code\]
- **Event ID 17** Error reading Windows Defender Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] - **Event ID 17** Error reading Windows Defender Credential Guard (LsaIso.exe) UEFI configuration: \[error code\]