Windows下慎用内核隔离

1. 开启内核隔离后只能通过注册表关闭
 
2. 开启内核隔离后, 默认会启动hybrid-v, 这个东西和虚拟机是冲突的, 这样就用不了虚拟机了.
 
3. 解决方法:
关闭内核隔离后, 再关闭已经开启的hybrid-v
基本参考下面, 可能要重复几次才能有效的关闭hybrid-v
 
Powering on a vm in VMware Workstation on Windows 10 host where Credential Guard/Device Guard is enabled fails with BSOD (2146361)
Symptoms
Powering on a virtual machine in VMware Workstation prior to version 12.5 on a Windows 10 host where Credential Guard or Device Guard is enabled fails with a blue diagnostic screen (BSOD).
From VMware Workstation 12.5, you see error similar to:
 
VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard.
 
 
For more information, see Windows 10 host where Credential Guard or Device Guard is enabled fails when running Workstation (2146361)
Purpose
This article provides steps to disable Credential Guard or Device Guard for a Windows 10 Enterprise host.
Cause
This issue occurs because Device Guard or Credential Guard is incompatible with Workstation.
Resolution
To disable Device Guard or Credential Guard:
Disable the group policy setting that was used to enable Credential Guard.
On the host operating system, click Start > Run, type gpedit.msc, and click Ok. The Local group Policy Editor opens.
Go to Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard > Turn on Virtualization Based Security.
Select Disabled.
 
Go to Control Panel > Uninstall a Program > Turn Windows features on or off to turn off Hyper-V.
Select Do not restart.
Delete the related EFI variables by launching a command prompt on the host machine using an Administrator account and run these commands:
 
mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
mountvol X: /d
 
Note: Ensure X is an unused drive, else change to another drive.
 
Restart the host.
Accept the prompt on the boot screen to disable Device Guard or Credential Guard.
Related Information

 

转载于:https://www.cnblogs.com/JiangOil/p/10513923.html

发布了171 篇原创文章 · 获赞 36 · 访问量 18万+
展开阅读全文
评论将由博主筛选后显示,对所有人可见 | 还能输入1000个字符

没有更多推荐了,返回首页

©️2019 CSDN 皮肤主题: 大白 设计师: CSDN官方博客

分享到微信朋友圈

×

扫一扫,手机浏览