deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-27 20:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update credential-guard-manage.md

Browse Source
This commit is contained in:
jirenugo 2020-07-14 01:23:19 -07:00 committed by GitHub
parent 8646f7ea3c
commit 67bb581bc6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/identity-protection/credential-guard/credential-guard-manage.md
View File

@ -155,7 +155,7 @@ DG_Readiness_Tool_v3.6.ps1 -Ready
- You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for:
- **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials.
- **Event ID 14** Windows Defender Credential Guard (LsaIso.exe) configuration: 0x1, 0
- The first variable: 0x1 means Windows Defender Credential Guard is configured to run. 0x0 means it's not configured to run.
- The first variable: 0x1 means Windows Defender Credential Guard is configured to run. 0x0 means it's not configured to run. 0x2 means Windows Defender Credential Guard is configured to run with UEFI lock
- The second variable: 0 means it's configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0.
- **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Windows Defender Credential Guard.
- **Event ID 16** Windows Defender Credential Guard (LsaIso.exe) failed to launch: \[error code\]