deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-deviceguard.md

5.7 KiB
Raw Blame History

title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.date
title description ms.author ms.topic ms.prod ms.technology author ms.date
Policy CSP - DeviceGuard Policy CSP - DeviceGuard maricia article w10 windows nickbrower 03/05/2018

Policy CSP - DeviceGuard

DeviceGuard policies

DeviceGuard/EnableVirtualizationBasedSecurity
DeviceGuard/LsaCfgFlags
DeviceGuard/RequirePlatformSecurityFeatures

DeviceGuard/EnableVirtualizationBasedSecurity

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark cross mark cross mark check mark3 check mark3 cross mark cross mark

Scope:

[!div class = "checklist"]

  • Device

Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer.

ADMX Info:

  • GP English name: Turn On Virtualization Based Security
  • GP name: VirtualizationBasedSecurity
  • GP path: System/Device Guard
  • GP ADMX file name: DeviceGuard.admx

The following list shows the supported values:

  • 0 (default) - disable virtualization based security.
  • 1 - enable virtualization based security.

DeviceGuard/LsaCfgFlags

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark cross mark cross mark check mark3 check mark3 cross mark cross mark

Scope:

[!div class = "checklist"]

  • Device

Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer.

ADMX Info:

  • GP English name: Turn On Virtualization Based Security
  • GP name: VirtualizationBasedSecurity
  • GP element: CredentialIsolationDrop
  • GP path: System/Device Guard
  • GP ADMX file name: DeviceGuard.admx

The following list shows the supported values:

  • 0 (default) - (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock.
  • 1 - (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock.
  • 2 - (Enabled without lock) Turns on Credential Guard without UEFI lock.

DeviceGuard/RequirePlatformSecurityFeatures

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark cross mark cross mark check mark3 check mark3 cross mark cross mark

Scope:

[!div class = "checklist"]

  • Device

Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer.

ADMX Info:

  • GP English name: Turn On Virtualization Based Security
  • GP name: VirtualizationBasedSecurity
  • GP element: RequirePlatformSecurityFeaturesDrop
  • GP path: System/Device Guard
  • GP ADMX file name: DeviceGuard.admx

The following list shows the supported values:

  • 1 (default) - Turns on VBS with Secure Boot.
  • 3 - Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support.

Footnote:

  • 1 - Added in Windows 10, version 1607.
  • 2 - Added in Windows 10, version 1703.
  • 3 - Added in Windows 10, version 1709.