From c013228b5d5f0262ccc3640c1a1dbddee41f38db Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 1 Mar 2019 11:01:07 -0800 Subject: [PATCH] revised script --- .../credential-guard/credential-guard-manage.md | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index def101e7d1..f4f22dde8a 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -12,7 +12,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article -ms.date: 09/04/2018 +ms.date: 03/01/2019 --- # Manage Windows Defender Credential Guard @@ -157,25 +157,19 @@ To disable Windows Defender Credential Guard, you can use the following set of p > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. 3. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: + ``` syntax - mountvol X: /s - copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y - bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" - bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} - - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO - + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: - + bcdedit /set hypervisorlaunchtype off mountvol X: /d - ``` + 2. Restart the PC. 3. Accept the prompt to disable Windows Defender Credential Guard. 4. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard.