revised script

windows/security/identity-protection/credential-guard/credential-guard-manage.md

@@ -12,7 +12,7 @@ ms.author: daniha
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
-ms.date: 09/04/2018
+ms.date: 03/01/2019
 ---
 
 # Manage Windows Defender Credential Guard
@@ -157,25 +157,19 @@ To disable Windows Defender Credential Guard, you can use the following set of p
     > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery.
 
 3.  Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
+
     ``` syntax
-
     mountvol X: /s
-
     copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
-
     bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
-
     bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
-
     bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
-
-    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
-
+    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
     bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
-
+    bcdedit /set hypervisorlaunchtype off
     mountvol X: /d
-
     ```
+
 2.  Restart the PC.
 3.  Accept the prompt to disable Windows Defender Credential Guard.
 4.  Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard.