Policy CSP - VirtualizationBasedTechnology
HypervisorEnforcedCodeIntegrity
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity
Hypervisor-Protected Code Integrity: 0 - Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock, 1 - Turns on Hypervisor-Protected Code Integrity with UEFI lock, 2 - Turns on Hypervisor-Protected Code Integrity without UEFI lock.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock. |
1 | (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock. |
2 | (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock. |
Group policy mapping:
Name | Value |
---|---|
Name | VirtualizationBasedSecurity |
Friendly Name | Turn On Virtualization Based Security |
Element Name | Virtualization Based Protection of Code Integrity. |
Location | Computer Configuration |
Path | System > Device Guard |
Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\DeviceGuard |
ADMX File Name | DeviceGuard.admx |
RequireUEFIMemoryAttributesTable
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable
Require UEFI Memory Attributes Table.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Don't require UEFI Memory Attributes Table. |
1 | Require UEFI Memory Attributes Table. |
Group policy mapping:
Name | Value |
---|---|
Name | VirtualizationBasedSecurity |
Friendly Name | Turn On Virtualization Based Security |
Element Name | Require UEFI Memory Attributes Table. |
Location | Computer Configuration |
Path | System > Device Guard |
Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\DeviceGuard |
ADMX File Name | DeviceGuard.admx |