Turn On Virtualization Based Security

Specifies whether Virtualization Based Security is enabled.

Virtualization Based Security uses the Windows Hypervisor to provide support for security services. Virtualization Based Security requires Secure Boot and can optionally be enabled with the use of DMA Protections. DMA protections require hardware support and will only be enabled on correctly configured devices.

Virtualization Based Protection of Code Integrity

This setting enables virtualization based protection of Kernel Mode Code Integrity. When this is enabled kernel mode memory protections are enforced and the Code Integrity validation path is protected by the virtualization based security feature.

Warning: All drivers on the system must be compatible with this feature or the system may crash. Ensure that this policy setting is only deployed to computers which are known to be compatible.

Credential Guard

This setting lets you decide whether users can turn on Credential Guard with virtualization-based security to help protect credentials.

Disabling these settings does not remove the feature from the computer. Instead you must also remove the security functionality from each computer with a physically present user in order to clear configuration persisted in Secure Boot.

Please refer to the documentation for a complete set of requirements to securely configure this feature.

    The policy is located under of Local Group Policy Editor.

Additional Information

  1. Registry path is:

    HKLM -> SOFTWARE -> Policies -> Microsoft -> Windows -> DeviceGuard!EnableVirtualizationBasedSecurity
    HKLM -> SOFTWARE -> Policies -> Microsoft -> Windows -> DeviceGuard!RequirePlatformSecurityFeatures
    HKLM -> SOFTWARE -> Policies -> Microsoft -> Windows -> DeviceGuard!HypervisorEnforcedCodeIntegrity
    HKLM -> SOFTWARE -> Policies -> Microsoft -> Windows -> DeviceGuard!LsaCfgFlags

  2. The Administrative Template path is:

    System -> Device Guard
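
An added PowerShell example (not part of the original page) that reads the four policy values listed under the registry path above and compares them with the state Windows reports through the Win32_DeviceGuard CIM class. The value meanings in the lookup tables and the CIM class are taken from Microsoft's documentation, not from this page.

```powershell
# Added example: configured Device Guard policy vs. what Windows reports as running.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'

# Value meanings per Microsoft's documentation (not stated on this page).
$lock = @{ 0 = 'Disabled'; 1 = 'Enabled with UEFI lock'; 2 = 'Enabled without lock' }
$meaning = [ordered]@{
    EnableVirtualizationBasedSecurity = @{ 0 = 'Disabled'; 1 = 'Enabled' }
    RequirePlatformSecurityFeatures   = @{ 1 = 'Secure Boot'; 3 = 'Secure Boot and DMA Protection' }
    HypervisorEnforcedCodeIntegrity   = $lock
    LsaCfgFlags                       = $lock
}

# A missing key or value means the policy is not configured on this machine.
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$report = foreach ($name in $meaning.Keys) {
    $raw = if ($policy) { $policy.$name } else { $null }
    $text = if ($null -eq $raw) {
        'Not configured'
    } elseif ($meaning[$name].ContainsKey([int]$raw)) {
        $meaning[$name][[int]$raw]
    } else {
        'Unrecognized value'
    }
    [pscustomobject]@{ Source = 'Policy'; Setting = $name; Value = $raw; Meaning = $text }
}

# Runtime state: a policy value alone does not prove the service is running.
$dg = Get-CimInstance -ClassName Win32_DeviceGuard `
    -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction SilentlyContinue
if ($dg) {
    $vbs = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
    $status = [int]$dg.VirtualizationBasedSecurityStatus
    $report += [pscustomobject]@{ Source = 'Runtime'; Setting = 'VirtualizationBasedSecurityStatus'
                                  Value = $status; Meaning = $vbs[$status] }
    # SecurityServicesRunning: 1 = Credential Guard, 2 = hypervisor-enforced code integrity.
    if ($policy.LsaCfgFlags -in 1, 2 -and $dg.SecurityServicesRunning -notcontains 1) {
        Write-Warning 'Credential Guard is configured by policy but is not running.'
    }
    if ($policy.HypervisorEnforcedCodeIntegrity -in 1, 2 -and $dg.SecurityServicesRunning -notcontains 2) {
        Write-Warning 'Code integrity protection is configured by policy but is not running.'
    }
} else {
    Write-Warning 'Win32_DeviceGuard is not available; runtime state could not be read.'
}

$report | Format-Table -AutoSize
```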


* Mistakes made while changing registry values can adversely affect your system. We recommend creating a System Restore point before editing the registry. If you're new to Registry Editor, read this beginner's guide.
** To locate the registry and administrative template path, check out the beginner's guide.