Windows 10: Enable or Disable Device Guard in Windows 10

Discus and support Enable or Disable Device Guard in Windows 10 in Windows 10 Tutorials to solve the problem; How to: Enable or Disable Device Guard in Windows 10 How to Enable or Disable Device Guard in Windows 10 Device Guard is a combination of... Discussion in 'Windows 10 Tutorials' started by Brink, Feb 17, 2017.

  1. Brink
    Brink New Member

    Enable or Disable Device Guard in Windows 10


    How to: Enable or Disable Device Guard in Windows 10

    How to Enable or Disable Device Guard in Windows 10


    Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies. If the app isnt trusted it cant run, period. With hardware that meets basic requirements, it also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code. With appropriate hardware, Device Guard can use the new virtualization-based security in Windows 10 (available in Enterprise and Education desktop SKUs and in all Server SKUs) to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.

    Device Guard references: (recommend to read)
    This tutorial will show you how to enable or disable Device Guard virtualization-based security on Windows 10 Enterprise and Windows 10 Education PCs.

    You must be signed in as an administrator to enable or disable Device Guard.




    Here's How:

    1. Open Windows Features, and:
    *Arrow In Windows 10 Enterprise/Education version 1607 and newer, check Hyper-V Hypervisor under Hyper-V, and click/tap on OK. (see left screenshot below)

    OR

    *Arrow In Windows 10 Enterprise/Education versions earlier than 1607, check Hyper-V Hypervisor under Hyper-V, check Isolated User Mode, and click/tap on OK. (see right screenshot below)


    Enable or Disable Device Guard in Windows 10 [​IMG]

    Enable or Disable Device Guard in Windows 10 [​IMG]


    2. Open the Local Group Policy Editor.

    3. Navigate to the key below in the left pane of Local Group Policy Editor. (see screenshot below)
    *Arrow Computer Configuration\Administrative Templates\System\Device Guard


    Enable or Disable Device Guard in Windows 10 [​IMG]

    4. In the right pane of Device Guard in Local Group Policy Editor, double click/tap on the Turn On Virtualization Based Security policy to edit it. (see screenshot above)

    5. Do step 6 (enable) or step 7 (disable) below for what you would like to do.


    6. To Enable Device Guard
    A) Select (dot) Enabled. (see screenshot below step 7)

    B) Under Options, select Secure Boot or Secure Boot and DMA Protection in the Select Platform Security Level drop menu for what you want.

    *note The Secure Boot (recommended) option provides secure boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have secure boot with DMA protection. A computer without IOMMUs will simply have secure boot enabled.

    The Secure Boot with DMA will enable secure boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS (hardware-based) protection, although it can have code integrity policies enabled.


    C) Under Options, select Enabled with UEFI lock or Enabled without lock in the Virtualization Based Protection of Code Integrity drop menu for what you want.

    *note The Enabled with UEFI lock option ensures that Virtualization Based Protection of Code Integrity cannot be disabled remotely. In order to disable the feature, you must set the Group Policy to "Disabled" as well as remove the security functionality from each computer, with a physically present user, in order to clear configuration persisted in UEFI.

    The Enabled without lock option allows Virtualization Based Protection of Code Integrity to be disabled remotely by using Group Policy.


    D) If you like, you could also enable Credential Guard by selecting Enabled with UEFI lock or Enabled without lock in the Credential Guard Configuration drop menu for what you want.

    *note The Enabled with UEFI lock option ensures that Credential Guard cannot be disabled remotely. In order to disable the feature, you must set the Group Policy to "Disabled" as well as remove the security functionality from each computer, with a physically present user, in order to clear configuration persisted in UEFI.

    The Enabled without lock option allows Credential Guard to be disabled remotely by using Group Policy. The devices that use this setting must be running at least Windows 10 (Version 1511).


    E) Go to step 8 below.

    7. To Disable Device Guard
    A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 8 below. (see screenshot below)

    *note Not Configured[/B] is the default setting.


    Enable or Disable Device Guard in Windows 10 [​IMG]


    8. Close the Local Group Policy Editor.

    9. Restart the computer to apply.


    That's it,
    Shawn


    Related Tutorials

    :)
     
    Brink, Feb 17, 2017
    #1
  2. Brink Win User

    Windows 10 Device Guard and Credential Guard Demystified

    Source: Windows 10 Device Guard and Credential Guard Demystified - Microsoft Tech Community - 376419


    Enable or Disable Device Guard in Windows 10 [​IMG]
    Tip How to Enable or Disable Device Guard in Windows 10

    How to Verify if Device Guard is Enabled or Disabled in Windows 10

    How to Enable or Disable Credential Guard in Windows 10

    How to Verify if Credential Guard is Enabled or Disabled in Windows 10
     
    Brink, Oct 26, 2019
    #2
  3. Brink Win User
    Credential Guard lab companion


    Source: Credential Guard lab companion Datacenter and Private Cloud Security Blog


    See also:
     
    Brink, Oct 26, 2019
    #3
  4. Brink Win User

    Enable or Disable Device Guard in Windows 10

    Windows 10 Device Guard and Credential Guard Demystified


    Source: Windows 10 Device Guard and Credential Guard Demystified - Microsoft Tech Community - 376419


    Enable or Disable Device Guard in Windows 10 [​IMG]
    Tip How to Enable or Disable Device Guard in Windows 10

    How to Verify if Device Guard is Enabled or Disabled in Windows 10

    How to Enable or Disable Credential Guard in Windows 10

    How to Verify if Credential Guard is Enabled or Disabled in Windows 10
     
    Brink, Oct 26, 2019
    #4
  5. How to disable "Device Guard"

    Hi,

    I am trying to install a software but i have to turn off "Device Guard" in my surface pro before i can do so.

    Please provide steps on how to do so.
     
    SugarySalt, Oct 26, 2019
    #5
  6. Lycaeus Win User
    How can I disable Device Guard?

    I'd like to know how I can disable Device Guard in windows 10 after successfully upgrading from windows 7. A large number of apps will no longer run stating that an administrator has blocked access (even with me being the only user and having full admin
    privileges) despite all security and UAC settings being fully disabled, and a google search lead me to Device Guard.

    How can I disable this utterly abysmal flaw in Windows 10? If I can not disable or configure it, I will be rolling back to windows 7
     
    Lycaeus, Oct 26, 2019
    #6
Thema:

Enable or Disable Device Guard in Windows 10

Loading...
  1. Enable or Disable Device Guard in Windows 10 - Similar Threads - Enable Disable Device

  2. Windows 10 Device Guard and Credential Guard Demystified

    in Windows 10 Ask Insider
    Windows 10 Device Guard and Credential Guard Demystified: [ATTACH] submitted by /u/Wireless_Life [link] [comments] https://www.reddit.com/r/Windows10/comments/l7w0j3/windows_10_device_guard_and_credential_guard/
  3. DG Readiness Tool - Unable to Disable Device Guard

    in Windows 10 Customization
    DG Readiness Tool - Unable to Disable Device Guard: I am trying to disable Device Guard since it is preventing me from running my VMs in VMWare Workstation Player. When I open a command window in the DGReadiness folder and type in 'DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot' all that happens is that the...
  4. Disabling Windows Device/Credential Guard in Windows 10 Home

    in AntiVirus, Firewalls and System Security
    Disabling Windows Device/Credential Guard in Windows 10 Home: How do I disable Device/Credential Guard in Windows 10 Home to use VMware Player? https://file.io/nxqbvg VirtualBox isn't working either, and Windows 10 Home doesn't have Hyper-V (but I wish it would, especially because of Android Studio.) Anyone have a solution besides...
  5. Device Guard in Windows 10 home?

    in Windows 10 Drivers and Hardware
    Device Guard in Windows 10 home?: ee what's weird is you can't do this in win home So I updated to Win 1903 yesterday and don't know why I tried to enable Windows 10 defender application guard using that powershell command what's wrong is that Windows 10 home has no support for it so there is no...
  6. Windows 10 Device Guard and Credential Guard Demystified

    in Windows 10 News
    Windows 10 Device Guard and Credential Guard Demystified: While helping Windows Enterprise customers deploy and realize the benefits of Windows 10, I've observed there's still a lot of confusion regarding the security features of the operating system. This is a shame since some of the key benefits of Windows 10 involve these deep...
  7. How to disable "Device Guard"

    in AntiVirus, Firewalls and System Security
    How to disable "Device Guard": Hi, I am trying to install a software but i have to turn off "Device Guard" in my surface pro before i can do so. Please provide steps on how to do so....
  8. Verify if Credential Guard is Enabled or Disabled in Windows 10

    in Windows 10 Tutorials
    Verify if Credential Guard is Enabled or Disabled in Windows 10: How to: Verify if Credential Guard is Enabled or Disabled in Windows 10 How to Verify if Credential Guard is Enabled or Disabled in Windows 10 [img] Information Credential Guard uses virtualization-based security to isolate secrets so that only privileged system...
  9. Enable or Disable Credential Guard in Windows 10

    in Windows 10 Tutorials
    Enable or Disable Credential Guard in Windows 10: How to: Enable or Disable Credential Guard in Windows 10 How to Enable or Disable Credential Guard in Windows 10 Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these...
  10. Verify if Device Guard is Enabled or Disabled in Windows 10

    in Windows 10 Tutorials
    Verify if Device Guard is Enabled or Disabled in Windows 10: How to: Verify if Device Guard is Enabled or Disabled in Windows 10 How to Verify if Device Guard is Enabled or Disabled in Windows 10 Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a...

Users found this page by searching for:

  1. device guard disable windows 10

    ,
  2. how to enable device guard windows 10

    ,
  3. device guard windows 10 s mode disable