Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11How to enable or disable Device Guard on Windows 10
Device Guard is a combination of enterprise-related software and hardware security features, when configured together, locks the device to run only trusted applications that you specify in the code integrity policy. . If the application is not trusted, it will not be able to run. With hardware that meets the basic requirements, that means that even if an attacker can gain control of the Windows kernel, they cannot run malicious executable code. With the right hardware, Device Guard can use the new virtualization-based security in Windows 10 to isolate the Code Integrity service from Microsoft Windows. In this case, the Code Integrity service runs in the same folder as the Windows virtualized protected container.
This tutorial will show you how to enable or disable security based on Device Guard virtualization on Windows 10 Enterprise and Windows 10 Education PCs.
You must log on as an administrator to enable or disable Device Guard.
- How to open Windows Security in Windows 10
- How to turn on Tamper Protection for Windows Security on Windows 10
- Enhance Windows 10 security with Exploit Protection
How to enable or disable Device Guard
Step 1 . Open the Windows Features.
In Windows 10 Enterprise / Education version 1607 or later, select Hyper-V Hypervisor in Hyper-V and click OK .
In Windows 10 Enterprise / Education versions before version 1607, select Hyper-V Hypervisor in Hyper-V, select Isolated User Mode and click OK .
Step 2 . Open Local Group Policy Editor.
Step 3 . Navigate to the following key in the left pane of Local Group Policy Editor.
Computer ConfigurationAdministrative TemplatesSystemDevice Guard 
Step 4 . In the right pane of Device Guard in the Local Group Policy Editor, double-click the Turn On Virtualization Based Security policy to edit it.
Step 5 . Follow Step 6 (turn on) or Step 7 (off).
Step 6 . To activate Device Guard
- Select Enabled .
- In Options, select Secure Boot or Secure Boot and DMA Protection in the Select Platform Security Level drop-down menu.
Note: The Secure Boot (recommended) option provides secure boot with multiple protections supported by specific computer hardware. A computer with an input / output memory manager (IOMMUs) will have a safe boot with DMA protection. A computer without IOMMUs will only activate secure boot.
Secure Boot with DMA will enable secure booting and VBS only on computers that support DMA, ie computers with IOMMUs. With this setting, any computer without IOMMU will not have VBS protection (hardware-based), although it can enable code integrity policies.
- In Options, select Enabled with UEFI lock or Enabled without lock in the Virtualization Based Protection drop-down menu of Code Integrity.
Note: Enabled with UEFI lock option ensures Virtualization Based Protection of Code Integrity is not disabled remotely. To disable this feature, you need to set up Group Policy Disabled as well as delete the security for each computer with the current user to delete the configuration on UEFI.
Option Enabled without lock for Virtualization Based Protection of Code Integrity is remotely disabled using Group Policy.
- If you wish, you can also activate Credential Guard by selecting Enabled with UEFI lock or Enabled without lock in the drop-down menu Credential Guard Configuration.
Note: Enabled with UEFI lock option ensures Credential Guard is not disabled remotely. To turn off this feature, you must set Group Policy to Disabled as well as delete the security function in each computer with the current user to delete the configuration in UEFI.
Enabled without lock option allows Credential Guard to be turned off remotely using Group Policy. Devices using this installation need to run on the operating system from Windows 10 (Version 1511) or later.
- Go to Step 8.
Step 7 . To disable Device Guard
Select Not Configured or Disabled , click OK and go to Step 8.
Note : Not Configured is the default setting.
Step 8 . Close Local Group Policy Editor.
Step 9 . Restart the computer to apply changes.
I wish you all success!
Marvin FryYou should read it
- Kingdom Guard tips and strategies for beginners
- How to use Folder Guard to set a folder password
- How to encrypt files using File Guard
- How to use Windows Defender increases security when surfing the web
- Microsoft released the Windows Defender extension for Google Chrome and Firefox browsers to protect the device
- Set a password for the folder, set a password for the folder or folder using Folder Guard
- How to build the Star Guardian DTCL squad in season 3
- Hackers antivirus application preinstalled on Xiaomi phones into malware
May be interested
- Enable / disable Windows Recovery Environment (WinRE) in Windows 10
the windows recovery environment can be used to diagnose and repair a system that windows cannot boot. in this guide, tipsmake.com will show you an easy way to enable or disable winre in windows 10. - Summary of some simple ways to disable USB ports on Windows computersyou can imagine that usb ports are like door scenes, and other users or malware, viruses can spread and access your system anytime through this path. so to protect important data on your windows computer, you can disable the usb port.
- Trick to enable / disable Windows Updates on Windows 10 quickly and easilyif you feel the automatic update feature of windows 10 is bothering your work. why do you not choose to temporarily disable this feature. if you want to update at a certain time you can choose to enable this feature again.
- How to enable/disable Enhance Images in Microsoft Edgethis guide will show you how to enable or disable automatic image enhancement in microsoft edge for your account or all users in windows 10 and windows 11.
- Enable / disable ReFS (Resilient File System) on Windows 10refs was first introduced on windows 8.1 and windows server 2012, and was designed to maximize available data and reliability even if the related storage device had a hardware failure.
- How to enable/disable 'Let's finish setting up your device' screen on Windows 11the let's finish setting up your device screen is a scoobe (second-chance out of box experience) that can display when you sign in to suggest ways to get the most out of windows and complete this device setup.
- How to enable and disable Secure Sign-In in Windows 10without knowing computer skills, you can also understand how important computer security is. one way to do this is to enable secure sign-in, which requires the user to press ctrl + alt + delete on the lock screen before logging in.
- Disable / Enable the 'Welcome' screen of Windows XPwhat if you want to change the login way of your computer, can you disable or enable welcome screen?
- How to enable and disable the standby screen mode in Windows 10how to enable and disable the standby screen mode in windows 10. the screen saver (screen saver) is a feature that helps your computer operate with lower power but still ensures the computer turns on quickly when you return. work. this feature is extremely useful when we use the old crt monitors with a long boot time.
- What is UAC? How to enable / disable UAC on Windows 10, 8, 7find out what uac is and how to enable and disable user account control - uac on windows 10-8 - 7. user account control or uac is a part of windows security system
Windows 10
- How to use Chocolatey to install and update Windows programs
- How to create a two-screen switch mode shortcut on Windows 10
- How to uninstall the driver completely on Windows
- How to reset network data usage on Windows 10
- How to turn on the search box on the lock screen on Windows 10
- How to fix the Game Bar problem does not work on Windows 10
How to use Chocolatey to install and update Windows programs
How to create a two-screen switch mode shortcut on Windows 10
How to uninstall the driver completely on Windows
How to reset network data usage on Windows 10
How to turn on the search box on the lock screen on Windows 10
How to fix the Game Bar problem does not work on Windows 10