gpupdate /force
in an elevated command prompt.Get-CimInstance –ClassName Win32_DeviceGuard –Namespace rootMicrosoftWindowsDeviceGuard
Value | Description |
---|---|
0. | If present, no relevant properties exist on the device. |
1. | If present, hypervisor support is available. |
2. | If present, Secure Boot is available. |
3. | If present, DMA protection is available. |
4. | If present, Secure Memory Overwrite is available. |
5. | If present, NX protections are available. |
6. | If present, SMM mitigations are available. |
7. | If present, Mode Based Execution Control is available. |
Value | Description |
---|---|
0. | Nothing is required. |
1. | If present, hypervisor support is needed. |
2. | If present, Secure Boot is needed. |
3. | If present, DMA protection is needed. |
4. | If present, Secure Memory Overwrite is needed. |
5. | If present, NX protections are needed. |
6. | If present, SMM mitigations are needed. |
7. | If present, Mode Based Execution Control is needed. |
Value | Description |
---|---|
0. | No services configured. |
1. | If present, Windows Defender Credential Guard is configured. |
2. | If present, HVCI is configured. |
3. | If present, System Guard Secure Launch is configured. |
Value | Description |
---|---|
0. | No services running. |
1. | If present, Windows Defender Credential Guard is running. |
2. | If present, HVCI is running. |
3. | If present, System Guard Secure Launch is running. |
Value | Description |
---|---|
0. | VBS is not enabled. |
1. | VBS is enabled but not running. |
2. | VBS is enabled and running. |
Set-VMSecurity
.Set-VMSecurity
.