1
0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-11-22 16:11:45 -05:00
Windows-Setup/Group Policies Objects/Default Domain Policy/Device Guard.md
Tommy ee9ce3a019
Fix policy path to match AD
Signed-off-by: Tommy <contact@tommytran.io>
2024-01-06 04:43:40 -07:00

467 B

Device Guard

Computer Configuration\Policies\Administrative Templates\System\Device Guard

  • Turn On Virtualization Based Security -> Enabled
  1. Select Platform Security Level: Secure Boot and DMA Protection
  2. Virtualization Based Protection of Code Integrity: Enabled with UEFI lock
  3. Credential Guard Configuration: Enabled with UEFI lock
  4. Secure Launch Configuration: Enabled
  5. Kernel-mode Hardware-enforced Stack Protection: Enabled in enforcement mode