From ece1814ff6e3c2572fee584a7bd8a154d4fd7725 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Thu, 7 Oct 2021 17:10:32 +0530 Subject: [PATCH] Update config-lock.md Update --- windows/client-management/mdm/config-lock.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/mdm/config-lock.md index e662f8090f..75cade9415 100644 --- a/windows/client-management/mdm/config-lock.md +++ b/windows/client-management/mdm/config-lock.md @@ -122,5 +122,5 @@ Config Lock is designed to ensure that a Secured-Core PC isn't unintentionally m **#2. Does the Secured-Core PC Device Identifier UEFI variable (BuiltAsSecuredCorePC) value matter after it’s been read by the OA3 tool in the OEM factory?**
Yes. Config Lock will always read this UEFI variable to know whether it pertains to a device or not. So, changing the variable changes the Config Lock even after the device has left the OEM factory. -**#3. Could an end-user run the BuiltAsSecuredCorePC Power Shell command to disable Config Lock?**
- The Power Shell script is accessible, but the BuiltAsSecuredCorePC becomes read-only after boot, so the command will fail when run from the OS. +**#3. Could an end-user run the BuiltAsSecuredCorePC PowerShell command to disable Config Lock?**
+ The PowerShell script is accessible, but the BuiltAsSecuredCorePC becomes read-only after boot, so the command will fail when run from the OS.