deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-20 17:27:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

revised script

Browse Source
This commit is contained in:
Justin Hall 2019-03-01 11:01:07 -08:00
parent 20f0c67ee6
commit c013228b5d
1 changed files with 5 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
windows/security/identity-protection/credential-guard/credential-guard-manage.md
View File

@ -12,7 +12,7 @@ ms.author: daniha
manager: dansimp manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
ms.date: 09/04/2018 ms.date: 03/01/2019
--- ---
# Manage Windows Defender Credential Guard # Manage Windows Defender Credential Guard
@ -157,25 +157,19 @@ To disable Windows Defender Credential Guard, you can use the following set of p
> If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery.
3. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: 3. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
``` syntax ``` syntax
mountvol X: /s mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
bcdedit /set hypervisorlaunchtype off
mountvol X: /d mountvol X: /d
``` ```
2. Restart the PC. 2. Restart the PC.
3. Accept the prompt to disable Windows Defender Credential Guard. 3. Accept the prompt to disable Windows Defender Credential Guard.
4. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard. 4. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard.