 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.109604 |
| Category: | Policy |
| Title: | Microsoft Windows: Turn On Virtualization Based Security (Credential Guard Configuration) |
| Summary: | Specifies whether Virtualization Based Security is enabled.;;Virtualization Based Security uses the Windows Hypervisor to provide support for security services.;Virtualization Based Security requires Secure Boot, and can optionally be enabled with the use of;DMA Protections. DMA protections require hardware support and will only be enabled on correctly;configured devices.;;Credential Guard;;This setting lets users turn on Credential Guard with virtualization-based security to help protect;credentials.;;The 'Disabled' option turns off Credential Guard remotely if it was previously turned on with the;'Enabled without lock' option.;;The 'Enabled with UEFI lock' option ensures that Credential Guard cannot be disabled remotely. In;order to disable the feature, you must set the Group Policy to 'Disabled' as well as remove the;security functionality from each computer, with a physically present user, in order to clear;configuration persisted in UEFI.;;The 'Enabled without lock' option allows Credential Guard to be disabled remotely by using Group;Policy. The devices that use this setting must be running at least Windows 10 (Version 1511).;;The 'Not Configured' option leaves the policy setting undefined. Group Policy does not write the;policy setting to the registry, and so it has no impact on computers or users. If there is a current;setting in the registry it will not be modified.;;(C) 2015 Microsoft Corporation. |
| Description: | Summary: Specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide support for security services. Virtualization Based Security requires Secure Boot, and can optionally be enabled with the use of DMA Protections. DMA protections require hardware support and will only be enabled on correctly configured devices. Credential Guard This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials. The 'Disabled' option turns off Credential Guard remotely if it was previously turned on with the 'Enabled without lock' option. The 'Enabled with UEFI lock' option ensures that Credential Guard cannot be disabled remotely. In order to disable the feature, you must set the Group Policy to 'Disabled' as well as remove the security functionality from each computer, with a physically present user, in order to clear configuration persisted in UEFI. The 'Enabled without lock' option allows Credential Guard to be disabled remotely by using Group Policy. The devices that use this setting must be running at least Windows 10 (Version 1511). The 'Not Configured' option leaves the policy setting undefined. Group Policy does not write the policy setting to the registry, and so it has no impact on computers or users. If there is a current setting in the registry it will not be modified. (C) 2015 Microsoft Corporation. CVSS Score: 0.0 CVSS Vector: AV:L/AC:H/Au:S/C:N/I:N/A:N |
| Copyright | Copyright (C) 2018 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |