I am trying to enable Credential Guard on my copy of Windows 10 Pro v1809. I downloaded DG_Readiness_Tool_v3.5 from the Microsoft website and ran it in PowerShell, but the result is as follows:
###########################################################################
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Guard and Credential Guard.
###########################################################################
###########################################################################
OS and Hardware requirements for enabling Device Guard and Credential Guard
1. OS SKUs: Available only on these OS Skus - Enterprise, Server, Education, Enterprise IoT, Pro, and Home
2. Hardware: Recent hardware that supports virtualization extension with SLAT
To learn more please visit: https://aka.ms/dgwhcr
###########################################################################
Checking if the device is DG/CG Capable
====================== Step 1 Driver Compat ======================
Driver verifier already enabled
====================== Step 2 Secure boot present ======================
Secure Boot is present
====================== Step 3 MS UEFI HSTI tests ======================
Copying HSTITest.dll
HSTI Duple Count: 0
HSTI Blob size: 0
String:
HSTIStatus: False
HSTI is absent
====================== Step 4 OS Architecture ======================
Unknown architecture
====================== Step 5 Supported OS SKU ======================
This PC edition is Supported for DeviceGuard
====================== Step 6 Virtualization Firmware ======================
Virtualization firmware check passed
====================== Step 7 TPM version ======================
TPM 2.0 is present.
====================== Step 8 Secure MOR ======================
Secure MOR is absent
====================== Step 9 NX Protector ======================
NX Protector is absent
====================== Step 10 SMM Mitigation ======================
SMM Mitigation is absent
====================== End Check ======================
====================== Summary ======================
Machine is not Device Guard / Credential Guard compatible because of the following:
Unknown OS, OS Architecture failure..
HSTI is absent
Secure MOR is absent
NX Protector is absent
SMM Mitigation is absent
Why does it show "Unknown OS, OS Architecture failure"? I found this on the Microsoft forums, but there is no solution.
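Answer 1
Credential Guard is only available in Windows 10 Enterprise. So if you are using Pro or Education, you will not see this feature on your edition of Windows by default. To install it, your computer should support Secure Boot and 64-bit virtualization.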
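To enable or turn on Credential Guard:
Run gpedit.msc to open the Group Policy Editor. Navigate to:
Computer Configuration > Administrative Templates > System > Device Guard
Double-click Turn On Virtualization Based Security and select Enabled. In the "Platform Security Level" box, select "Secure Boot" or "Secure Boot and DMA Protection".
Under "Credential Guard Configuration", click Enabled with UEFI lock, and then click OK. Click Apply/OK and exit.
Restart the computer.
Read the text in the Help box carefully to make sure you make the right choice.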
Reference:
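Answer 2
Why does it show "Unknown OS, OS Architecture failure"? I found this on the Microsoft forum, but it has no solution.
This is caused by a bug in the script itself. However, you are also not running a supported version of Windows 10. So even if you fix the script, that does not mean you will be able to enable Credential Guard if you are running Windows 10 Professional.
OK, I figured out that the OS architecture failure stems from a case-sensitive string comparison, so it ignores the output "64-bit" because it is looking for "64-bit".
You have to correct .\DG_Readiness_Tool_v2.1.ps1 so that the script detects the architecture correctly. It does appear, however, that once the script detects your architecture correctly, it will incorrectly inform you that your device is ready to enable Device Guard and Credential Guard.
It is worth noting that these are enterprise features and are therefore only included in the Windows Enterprise client.
Sources: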
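The case-sensitive comparison failure described in Answer 2, as an added PowerShell example (not code from DG_Readiness_Tool or from either answer), together with a query of the state Windows itself reports through the Win32_DeviceGuard CIM class instead of the script's summary. The sample strings are constructed, and the function names Compare-ArchString, Get-OsBitness and Get-CredentialGuardState are hypothetical.

```powershell
# Added example, not code from DG_Readiness_Tool. Sample strings are constructed.

# Compare a reported architecture string with an expected one, both ways.
function Compare-ArchString {
    param([string]$Reported, [string]$Expected)
    [pscustomobject]@{
        Reported        = $Reported
        Expected        = $Expected
        CaseSensitive   = $Reported -ceq $Expected  # breaks on a case difference
        CaseInsensitive = $Reported -ieq $Expected  # same behaviour as plain -eq
    }
}

# Constructed pair that differs only in letter case.
Compare-ArchString -Reported '64-bit' -Expected '64-Bit' | Format-List

# Bitness taken from the runtime instead of from a display string.
function Get-OsBitness {
    if ([System.Environment]::Is64BitOperatingSystem) { 64 } else { 32 }
}

# What Windows reports about VBS and Credential Guard right now.
function Get-CredentialGuardState {
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
        -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction SilentlyContinue
    if (-not $dg) { return 'Win32_DeviceGuard class not available' }
    [pscustomobject]@{
        # 0 = not enabled, 1 = enabled but not running, 2 = running
        VbsStatus                 = $dg.VirtualizationBasedSecurityStatus
        # In both arrays the value 1 stands for Credential Guard
        CredentialGuardConfigured = $dg.SecurityServicesConfigured -contains 1
        CredentialGuardRunning    = $dg.SecurityServicesRunning -contains 1
    }
}

$os = Get-CimInstance -ClassName Win32_OperatingSystem
[pscustomobject]@{
    ArchitectureString = $os.OSArchitecture  # display text; case and wording can vary
    Bitness            = Get-OsBitness
    Edition            = $os.Caption
} | Format-List

Get-CredentialGuardState | Format-List
```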