New
#90
Thanks. Oh well, next laptop...
@Brink the Dell compatibility page might be a nice link for the topic stat post: Windows 10 Enterprise Security: Credential Guard and Device Guard | Dell Nederland
HP has a similar-ish page at (doesn't list required driver versions): HP Manageability Integration Kit Supported Platforms | HP Client Management Solutions ~ this is an Enterprise feature, so good luck getting the info without paying for a ${several}K monthly subscription. Probably downloading every latest driver from SoftPaq will help. Page 56+ of this PDF has some more info (ex: 2015 and later systems are supported): https://ftp.hp.com/pub/caps-softpaq/...Whitepaper.pdf
For Lenovo, Skylake (and newer, I guess) is supported: ThinkPad support for Device Guard and Credential Guard in Microsoft Windows 10 - ThinkPad
Microsoft lists in a presentation
Kaby Lake was available from Q3 2016. But I think this is for the most stringent requirements (e.g. Device Guard is also enabled).Specifically on silicon type, this is from Intel’s 7th generation, Kabylake or later
Example PCs would be:
» Surface Laptop, Book 2, Surface Pro 2017 and newer
» Commercial Laptops: Dell XPS Ultrabooks, Dell Latitudes, HP Elitebooks 1000 series, Lenovo Carbon X1’s
Last edited by Henk Poley; 15 May 2018 at 03:53.
Thank you Henk. I'll add those links to the tutorials below. :)
Enable or Disable Credential Guard in Windows 10 | Windows 10 Tutorials
Enable or Disable Device Guard in Windows 10 | Windows 10 Tutorials
@Henk Poley The Dell Precision 3510 is on the list. The 3520 is the successor. Tech support advised it supports it.
Just because it's a successor doesn't mean that the driver developers of this new laptop paid attention to non-enforced soft requirements. The 3520 is currently not on the list. So unless you have a Precision 3510, which is on the list, you are out of luck.
You may of course try going off their supported driver list and figure out if you can find a set that works.
Maybe this is any help: Windows-Secure-Host-Baseline/Updates.md at master · nsacyber/Windows-Secure-Host-Baseline · GitHub (@brink; maybe one for the topic start too)
Hmm, I managed to enable 'Memory Integrity' on a Sony VAIO VPC-CA2S1E from 2011, with the 'on' register file from the topic start (Windows Defender would bail out muttering about incompatibilities even before asking for a reboot). Though I'm cheating a bit by running the system mostly headless as a backup server, with just the "Microsoft Basic Graphics" driver.
Even the most recent Radeon driver (15.301.1901.0, 26 Februari 2016) for the HD7400M cannot be installed, and gives an error 'Code 39'. They dropped this GPU a year before they became HVCI compliant (16.400.2301.x, 9 December 2016 & 16400.2002.x).
Last edited by Henk Poley; 16 May 2018 at 07:30.
as if one is going to be protected by memory integrity if one does not have common sense and a good AV....
Well, it was fun figuring it out. And the system would hang every 1-2 months. So tightening up the drivers should only improve things.