Share via


Windows Server 2016 Device Guard FAQ

Device guard is quite powerful in blocking unwanted software to run on Windows Server (or Windows 10 client), and it is complex.

This page is intended to help answer some common questions.

Basics

Deployment Guide

 For basics, please check out this TechNet page: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/device-guard-deployment-guide

 

Frequently Asked Questions (FAQ)

Are event logs the only way of monitoring Device Guard behavior? What is the preferred way for an enterprise to monitor if they have code integrity violation attempts?

Eventlog from CodeIntegrity event channel is the primary logging for Code Integrity violations on the machine. However, there are many types of Eventlog monitoring software (a.k.a. SIEM Security Information and Event Management). OMS is one of them.

When the code integrity policy file is deployed to a machine, does it need to be present always? What happens if an attacker with admin privileges deletes the file?

The CI policy is defined by the C:\Windows\System32\CodeIntegrity\Sipolicy.p7b file. There are two ways to deploy it. You can either use a signed policy or unsigned policy. If you use an unsigned policy, it can be removed by an admin, but it does require a reboot, if you are using TPM attestation, this change can be detected.

If you use a signed policy,  the information about the policy is stored in a UEFI boot variable (in the firmware basically). When the policy is being deleted, the machine will fail to boot. There are overhead in managing signed policy file, however, if the server is in a very locked down state, and rarely change any binaries on it, it could be the right solution.

What exactly would happen to any VBS features if the machine’s BIOS settings are not password protected and an attacker disables the hypervisor?

There are two settings when you enable VBS: with UEFI lock or without. With UEFI lock, you can not simply disable VBS even if you have the admin credentials.  If VBS is disabled, the secret held in VBS would not be accessible. The machine can boot normally, but if the machine is attested, the change can be detected.

How do I know if my machine is capable of running Device Guard?

Device Guard has hardware requirement. If you are not sure if your machine is capable of running Device Guard (or Credential Guard), you can run this tool to check it before turning it on.

How should I sign in-house apps?

There are a few ways you can sign your applications. If your company has PKI solutions deployed, you can sign it, or use PackageInspector with Windows Store for Business.

I would like to deploy Device Guard by setting registry keys, how do I do that?

You can deploy device guard using regkeys. Without UEFI lock, administrators on the machine will be able to turn device guard off. With UEFI lock, it requires physical presence to the machine to change the settings.

The following registry keys will enable HVCI (and Credential Guard) on latest Windows 10 and Windows Server 2016 machines:

To enable VBS

'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f'

To enable VBS requiring Secure boot only (value 1) or requiring Secure Boot and DMA (value 3)

'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f'

To enable HVCI

'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f'

To enable HVCI (above key) and lock the configuration in UEFI (value 1) or without locking it in UEFI (value 0)

'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f'

To enable CG and lock the configuration in UEFI (value 1) or without locking it in UEFI (value 2), and to disable CG (value 0)

'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LsaCfgFlags" /t REG_DWORD /d 2 /f'

I have servers with TPM version 1.2, what are the options to upgrade to TPM 2.0?

On some newer HP and Dell computers, you can switch between version 1.2 and 2.0.

TPM upgrade is possible but dependent on hardware vendor and model of PC. Commands to configure/Utilities are provided by the hardware vendor, though it's possible to integrate them into deployment solution such as SCCM or MDT, depending on the utility/commands. 

Windows do not support a TPM upgrade without a reinstall.

Dell: http://en.community.dell.com/techcenter/enterprise-client/w/wiki/11850.how-to-change-tpm-modes-1-2-2-0

HP: http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05192291

In Group Policy, what is the difference between the two platform security levels for VBS?

When Secure Boot setting is selected, if the hardware doesn't support IOMMU, VBS will start without DMA protection; if the hardware supports IOMMU, VBS will start with DMA protection.

When Secure Boot with DMA is selected, VBS will only start if the hardware supports IOMMU.

Credential Guard, Device Guard, are there dependencies in deployment?

Device Guard = two features

  1. Configurable code integrity – an application whitelisting technology that runs as part of the kernel and thus offers greater security than AppLocker or other whitelisting technologies can achieve on windows.
  2. Hypervisor enforced code integrity– A powerful OS mitigation that prevents malware from being able to achieve code execution in the kernel. This is achieved by leveraging the hypervisor to protect the OS’s kernel mode code integrity validation in a protected memory space isolated from the core OS which you may have heard referred to as Virtualization based security (VBS), Virtual Secure Mode (VSM), or SystemContainer. All kernel memory is transferred to the VBS environment for validation and then the memory pages are marked as execute-only before being transferred back to the core OS for execution.

Credential Guard = a credential protection feature that also uses the VBS environment to protect user credentials from being accessible from the OS

Both Device Guard and Credential Guard are exposed via the same GPO called “Turn on Virtualization Based Security” which was unfortunately placed in a folder called “Device Guard” (full path: Computer Configuration\Administrative Templates\System\Device Guard). You CAN enable configurable code integrity without either HVCI or Cred Guard. You CAN enable HVCI without either configurable code integrity or Cred Guard. You CAN enable without either configurable code integrity or HVCI. You CANNOT enable either Cred Guard or HVCI without Virtualization Based Security.