1
0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-11-08 17:21:45 -05:00
Windows-Setup/Group Policies Objects/Device Guard.md
Tommy 5906bad9b8
Update policies
Signed-off-by: Tommy <contact@tommytran.io>
2023-12-30 21:54:28 -07:00

548 B

Device Guard

Computer Configuration\Administrative Templates\System\Device Guard

  • Turn On Virtualization Based Security -> Enabled (Only do this if you are running Windows on bare metal or with nested virtualization)
  1. Select Platform Security Level: Secure Boot and DMA Protection
  2. Virtualization Based Protection of Code Integrity: Enabled with UEFI lock
  3. Credential Guard Configuration: Enabled with UEFI lock
  4. Secure Launch Configuration: Enabled
  5. Kernel-mode Hardware-enforced Stack Protection: Enabled in enforcement mode