死死团
精华
|
战斗力 鹅
|
回帖 0
注册时间 2019-2-13
|
本帖最后由 obiy 于 2019-8-14 21:20 编辑
官方工具还有个-Capable参数,可以查看能否兼容Credential Guard,查了一下发现没有HSTI和TPM,要额外的硬件的话就算了,关了省事(臭打游戏的也没多么珍贵的数据)
关闭此功能最方便的方法是用官方脚本,这东西在非英语Windows下有bug,不想改代码的话就修改显示语言,关闭后再修改回来。
--------------------------------
通过文档的方法无法开启此功能,有什么办法吗?
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage
版本 10.0.18362 版本 18362
以下为dgreadiness的日志(工具里的说明是开启hyper-v失败了,可是不知道如何令其开启):
###########################################################################
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Guard and Credential Guard.
###########################################################################
###########################################################################
OS and Hardware requirements for enabling Device Guard and Credential Guard
1. OS SKUs: Available only on these OS Skus - Enterprise, Server, Education, Enterprise IoT, Pro, and Home
2. Hardware: Recent hardware that supports virtualization extension with SLAT
To learn more please visit: https://aka.ms/dgwhcr
###########################################################################
Enabling Device Guard and Credential Guard
Setting RegKeys to enable DG/CG
Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f
Output: 操作成功完成。
Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f
Output: 操作成功完成。
Major Minor Build Revision
----- ----- ----- --------
10 0 18362 0
Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f
Output: 操作成功完成。
Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LsaCfgFlags" /t REG_DWORD /d 2 /f
Output: 操作成功完成。
Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f
Output: 操作成功完成。
Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f
Output: 操作成功完成。
Writing Decoded SIPolicy.p7b
Enabling Hyper-V and IOMMU
Major Minor Build Revision
----- ----- ----- --------
10 0 18362 0
部署映像服务和管理工具
版本: 10.0.18362.1
映像版本: 10.0.18362.267
错误: 0x800f080c
功能名称 Microsoft-Hyper-V-Online 未知。
未识别出 Windows 功能名称。
请使用 /Get-Features 选项在映像中查找功能名称,然后重试该命令。
可以在 C:\WINDOWS\Logs\DISM\dism.log 上找到 DISM 日志文件
Enabling Hyper-V failed please check the log file
Executing: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "HyperVEnabled" /t REG_DWORD /d 0 /f
Output: 操作成功完成。
PC will restart in 30 seconds
Executing: shutdown /r /t 30
Output:
###########################################################################
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Guard and Credential Guard.
###########################################################################
###########################################################################
OS and Hardware requirements for enabling Device Guard and Credential Guard
1. OS SKUs: Available only on these OS Skus - Enterprise, Server, Education, Enterprise IoT, Pro, and Home
2. Hardware: Recent hardware that supports virtualization extension with SLAT
To learn more please visit: https://aka.ms/dgwhcr
###########################################################################
Current DGRunning = 0, ConfigCI= 2
_CGState: 0, _HVCIState: 0, _ConfigCIState: 2
Credential-Guard is not running.
HVCI is not running.
Config-CI is enabled and running. (Enforced mode)
Not all services are running.
|
|