Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Windows]Enable Credential Guard for Windows Server #471

Merged
merged 1 commit into from
Jun 8, 2023
Merged

[Windows]Enable Credential Guard for Windows Server #471

merged 1 commit into from
Jun 8, 2023

Conversation

123lzxm
Copy link
Collaborator

@123lzxm 123lzxm commented Jun 7, 2023

Enable Windows Defender Credential Guard:

Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
Add a new DWORD value named LsaCfgFlags. Set the value of this registry setting to 1 to enable Windows Defender Credential Guard with UEFI lock, set it to 2 to enable Windows Defender Credential Guard without lock, and set it to 0 to disable it.

@vmwclabot
Copy link
Member

@123lzxm, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

@123lzxm
Copy link
Collaborator Author

123lzxm commented Jun 7, 2023 

1. Windows Server 2022 GA
VM information:
+------------------------------------------------------------------------------------------+
| Name                      | winsrv_2022_ga                                        |
+------------------------------------------------------------------------------------------+
| Guest OS Distribution     | Microsoft Windows Server 2022 Datacenter 10.0.20348.0 64-bit |
+------------------------------------------------------------------------------------------+
| IP                        |                                              |
+------------------------------------------------------------------------------------------+
| Hardware Version          | vmx-20                                                       |
+------------------------------------------------------------------------------------------+
| VMTools Version           |                                                              |
+------------------------------------------------------------------------------------------+
| Config Guest Id           | windows2019srvNext_64Guest                                   |
+------------------------------------------------------------------------------------------+
| GuestInfo Guest Id        |                                                              |
+------------------------------------------------------------------------------------------+
| GuestInfo Guest Full Name |                                                              |
+------------------------------------------------------------------------------------------+
| GuestInfo Guest Family    |                                                              |
+------------------------------------------------------------------------------------------+
| GuestInfo Detailed Data   |                                                              |
+------------------------------------------------------------------------------------------+


Test Results (Total: 2, Passed: 2, Elapsed Time: 00:34:38)
+------------------------------------------------------------+
| ID | Name                             | Status | Exec Time |
+------------------------------------------------------------+
|  1 | deploy_vm_efi_lsilogicsas_e1000e | Passed | 00:18:16  |
|  2 | vbs_enable_disable               | Passed | 00:13:29  |
+------------------------------------------------------------+

2. Windows vNext build 25346
VM information:
+------------------------------------------------------------------------------------------+
| Name                      | winsrv_25346                                          |
+------------------------------------------------------------------------------------------+
| Guest OS Distribution     | Microsoft Windows Server 2022 Datacenter 10.0.25346.0 64-bit |
+------------------------------------------------------------------------------------------+
| IP                        |                                              |
+------------------------------------------------------------------------------------------+
| Hardware Version          | vmx-20                                                       |
+------------------------------------------------------------------------------------------+
| VMTools Version           |                                                              |
+------------------------------------------------------------------------------------------+
| Config Guest Id           | windows2019srvNext_64Guest                                   |
+------------------------------------------------------------------------------------------+
| GuestInfo Guest Id        |                                                              |
+------------------------------------------------------------------------------------------+
| GuestInfo Guest Full Name |                                                              |
+------------------------------------------------------------------------------------------+
| GuestInfo Guest Family    |                                                              |
+------------------------------------------------------------------------------------------+
| GuestInfo Detailed Data   |                                                              |
+------------------------------------------------------------------------------------------+


Test Results (Total: 2, Passed: 2, Elapsed Time: 00:34:03)
+------------------------------------------------------------+
| ID | Name                             | Status | Exec Time |
+------------------------------------------------------------+
|  1 | deploy_vm_efi_lsilogicsas_e1000e | Passed | 00:18:39  |
|  2 | vbs_enable_disable               | Passed | 00:12:28  |
+------------------------------------------------------------+

3.Windows vNext build 25379

VM information:
+------------------------------------------------------------------------------------------+
| Name                      | winsrv_25379                                          |
+------------------------------------------------------------------------------------------+
| Guest OS Distribution     | Microsoft Windows Server 2022 Datacenter 10.0.25379.0 64-bit |
+------------------------------------------------------------------------------------------+
| IP                        |                                                |
+------------------------------------------------------------------------------------------+
| Hardware Version          | vmx-20                                                       |
+------------------------------------------------------------------------------------------+
| VMTools Version           |                                                              |
+------------------------------------------------------------------------------------------+
| Config Guest Id           | windows2019srvNext_64Guest                                   |
+------------------------------------------------------------------------------------------+
| GuestInfo Guest Id        |                                                              |
+------------------------------------------------------------------------------------------+
| GuestInfo Guest Full Name |                                                              |
+------------------------------------------------------------------------------------------+
| GuestInfo Guest Family    |                                                              |
+------------------------------------------------------------------------------------------+
| GuestInfo Detailed Data   |                                                              |
+------------------------------------------------------------------------------------------+


Test Results (Total: 2, Passed: 1, Skipped: 1, Elapsed Time: 00:12:37)
+-------------------------------------------------+
| ID | Name               |   Status  | Exec Time |
+-------------------------------------------------+
|  1 | deploy_vm          | * Skipped | 00:00:01  |
|  2 | vbs_enable_disable |   Passed  | 00:09:11  |
+-------------------------------------------------+

@123lzxm
Enable Credential Guard in Windows Server
286f4ee 
Address comments

Signed-off-by: Yanan Shen <yanans@vmware.com>
@keirazhang keirazhang added this to the v3.0 milestone Jun 8, 2023
keirazhang
keirazhang approved these changes Jun 8, 2023
View reviewed changes
Copy link
Contributor

@keirazhang keirazhang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@123lzxm 123lzxm merged commit 7a9ee60 into vmware:main Jun 8, 2023
@123lzxm 123lzxm deleted the fix-winsrv-vbs branch June 13, 2023 07:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keirazhang keirazhang keirazhang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@123lzxm @vmwclabot @keirazhang