Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows Device Guard and Credential Guard and Virtualbox #71

Open
kennyhyun opened this issue Apr 6, 2022 · 3 comments
Open

Windows Device Guard and Credential Guard and Virtualbox #71

kennyhyun opened this issue Apr 6, 2022 · 3 comments
Labels
enhancement New feature or request

Comments

@kennyhyun
Copy link
Owner

kennyhyun commented Apr 6, 2022
edited
Loading

Latest Windows 10/11 introduced Device Guard and Credential Guard turned on by default and it seems that those are not work well along with Virtualbox.

  • 6.1.28 does not start the instance
  • 6.1.30 launches the instance but it consumes more CPU power and some task was failing
    • eg. yarn installing in docker image build using build-kit failed
PS C:\WINDOWS\system32> Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard


AvailableSecurityProperties                  : {1, 3, 4, 5...}
CodeIntegrityPolicyEnforcementStatus         : 0
InstanceIdentifier                           : 4ff40742-2649-41b8-bdd1-e80fad1cce80
RequiredSecurityProperties                   : {0}
SecurityServicesConfigured                   : {3, 4}
SecurityServicesRunning                      : {3, 4}
UsermodeCodeIntegrityPolicyEnforcementStatus : 0
Version                                      : 1.0
VirtualizationBasedSecurityStatus            : 2
PSComputerName                               :

VirtualizationBasedSecurityStatus : 2 should be 0 or 1

and

PS C:\WINDOWS\system32> systeminfo
...
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed

Should be like

Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
                           Virtualization Enabled In Firmware: Yes
                           Second Level Address Translation: Yes
                           Data Execution Prevention Available: Yes

https://docs.microsoft.com/en-us/troubleshoot/windows-client/application-management/virtualization-apps-not-work-with-hyper-v
@kennyhyun
Copy link
Owner Author

VirtualizationBasedSecurityStatus : 2 should be 0 or 1

@kennyhyun
Copy link
Owner Author

I'll integrate this script into setup.ps1 to disable Defender Credential Guard

DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot

As instructed here

@kennyhyun kennyhyun added the enhancement New feature or request label Apr 29, 2022
@kennyhyun
Copy link
Owner Author

kennyhyun commented Apr 5, 2024
edited
Loading

To Disable Device guard for Virtualbox,

  1. Download readiness https://www.microsoft.com/en-my/download/details.aspx?id=53337
  2. unzip and open powershell in admin mode
  3. run command
./DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot

You must run the readiness tool in front of machine with keyboard, and it will reboot the machine.
During the reboot, F3 or Windows key should be pushed 4 times.

IMG_20240404_151841203_HDR~2

IMG_20240404_151846859_HDR~2

IMG_20240404_151851113_HDR~3

@kennyhyun kennyhyun added todo and removed todo labels Apr 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kennyhyun