From 1f1b40dadcf40e4ff7e3d698eb65000f0f0f736c Mon Sep 17 00:00:00 2001
From: olkorsha <130001581+olkorsha@users.noreply.github.com>
Date: Tue, 18 Apr 2023 13:49:09 -0700
Subject: [PATCH] Add notes for how to gray out/activate the memory integrity
 UI

Adds reg command for deleting & setting WasEnabledBy
---
 ...irtualization-based-protection-of-code-integrity.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index d40726923d..f0fd6be3e9 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -159,6 +159,16 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorE
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 1 /f
 ```
 
+**To gray out the memory integrity UI and display the message "This setting is managed by your administrator"**
+```console
+reg delete HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /f
+```
+
+**To let memory integrity UI behave normally (Not grayed out)**
+```console
+reg add HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /t REG_DWORD /d 2 /f
+```
+
 #### For Windows 10 version 1511 and earlier
 
 Recommended settings (to enable memory integrity, without UEFI Lock):