How to Verify if Device Guard is Enabled or Disabled in Windows 10
Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies. If the app isn’t trusted it can’t run, period. With hardware that meets basic requirements, it also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code. With appropriate hardware, Device Guard can use the new virtualization-based security in Windows 10 (available in Enterprise and Education desktop SKUs and in all Server SKUs) to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
Device Guard references (recommended reading):
- Device Guard hardware requirements | Microsoft Docs
- Device Guard deployment guide (Windows 10)
- Introduction to Device Guard - virtualization-based security and code integrity policies (Windows 10)
- Requirements and deployment planning guidelines for Device Guard (Windows 10)
- Planning and getting started on the Device Guard deployment process (Windows 10)
- Deploy Device Guard - deploy code integrity policies (Windows 10)
- Deploy Device Guard - enable virtualization-based security (Windows 10)
- Windows 10 Device Guard and Credential Guard Demystified
This tutorial will show you how to verify if Device Guard virtualization-based security is enabled or disabled on your Windows 10 Enterprise or Windows 10 Education PC.
Contents
- Option One: To Verify if Device Guard is Enabled or Disabled in System Information
- Option Two: To Verify if Device Guard is Enabled or Disabled in PowerShell
Option One: To Verify if Device Guard is Enabled or Disabled in System Information
1. Press the Win+R keys to open Run, type msinfo32, and click/tap on OK to open System Information.
2. The Device Guard properties (if enabled and running) are displayed at the bottom of the System Summary section.
Option Two: To Verify if Device Guard is Enabled or Disabled in PowerShell
1. Open PowerShell.
2. Enter the command below into PowerShell, and press Enter.
Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
3. The output of this command provides details of the available hardware-based security features as well as those features that are currently enabled.
Properties, descriptions, and valid values:

AvailableSecurityProperties
Description: This field helps to enumerate and report state on the relevant security properties for Device Guard.
Valid values:
- 0. If present, no relevant properties exist on the device.
- 1. If present, hypervisor support is available.
- 2. If present, Secure Boot is available.
- 3. If present, DMA protection is available.
- 4. If present, Secure Memory Overwrite is available.
- 5. If present, NX protections are available.
- 6. If present, SMM mitigations are available.
- 7. If present, MBEC/GMET is available.
- 8. If present, APIC virtualization is available.

InstanceIdentifier
Description: A string that is unique to a particular device.
Valid values: Determined by WMI.

RequiredSecurityProperties
Description: This field describes the required security properties to enable virtualization-based security.
Valid values:
- 0. Nothing is required.
- 1. If present, hypervisor support is needed.
- 2. If present, Secure Boot is needed.
- 3. If present, DMA protection is needed.
- 4. If present, Secure Memory Overwrite is needed.
- 5. If present, NX protections are needed.
- 6. If present, SMM mitigations are needed.
- 7. If present, MBEC/GMET is needed.

SecurityServicesConfigured
Description: This field indicates whether the Credential Guard or HVCI service has been configured.
Valid values:
- 0. No services configured.
- 1. If present, Credential Guard is configured.
- 2. If present, HVCI is configured.
- 3. If present, System Guard Secure Launch is configured.
- 4. If present, SMM Firmware Measurement is configured.

SecurityServicesRunning
Description: This field indicates whether the Credential Guard or HVCI service is running.
Valid values:
- 0. No services running.
- 1. If present, Credential Guard is running.
- 2. If present, HVCI is running.
- 3. If present, System Guard Secure Launch is running.
- 4. If present, SMM Firmware Measurement is running.

Version
Description: This field lists the version of this WMI class.
Valid values: The only valid value now is 1.0.

VirtualizationBasedSecurityStatus
Description: This field indicates whether VBS is enabled and running.
Valid values:
- 0. VBS is not enabled.
- 1. VBS is enabled but not running.
- 2. VBS is enabled and running.

PSComputerName
Description: This field lists the computer name.
Valid values: All valid values for computer name.
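
The following added example is not part of the original tutorial. It decodes the numeric fields using the value tables above and reports required properties that are not available and configured services that are not running. The function names ConvertTo-Names and Get-DeviceGuardReport and the sample object are assumptions made for illustration.

```powershell
# Value-to-name maps copied from the tables in this tutorial.
$PropertyNames = @{
    1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
    4 = 'Secure Memory Overwrite'; 5 = 'NX protections'; 6 = 'SMM mitigations'
    7 = 'MBEC/GMET'; 8 = 'APIC virtualization'
}
$ServiceNames = @{
    1 = 'Credential Guard'; 2 = 'HVCI'
    3 = 'System Guard Secure Launch'; 4 = 'SMM Firmware Measurement'
}
$VbsStatusNames = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }

# Hypothetical helper: turn an array of numeric codes into names, skipping 0 ("none").
function ConvertTo-Names($Values, $Map) {
    @($Values) | Where-Object { $null -ne $_ -and $_ -ne 0 } | ForEach-Object {
        # WMI returns UInt32 values; cast so the lookup matches the Int32 keys.
        $name = $Map[[int]$_]
        if ($name) { $name } else { "Unknown ($_)" }
    }
}

# Hypothetical helper: summarize a Win32_DeviceGuard instance (queried live if none is passed).
function Get-DeviceGuardReport($InputObject) {
    if ($null -eq $InputObject) {
        $InputObject = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
    }
    $available  = ConvertTo-Names $InputObject.AvailableSecurityProperties $PropertyNames
    $required   = ConvertTo-Names $InputObject.RequiredSecurityProperties  $PropertyNames
    $configured = ConvertTo-Names $InputObject.SecurityServicesConfigured  $ServiceNames
    $running    = ConvertTo-Names $InputObject.SecurityServicesRunning     $ServiceNames
    [pscustomobject]@{
        VbsStatus            = $VbsStatusNames[[int]$InputObject.VirtualizationBasedSecurityStatus]
        Available            = @($available)
        RequiredButMissing   = @($required   | Where-Object { $_ -and $_ -notin $available })
        Running              = @($running)
        ConfiguredNotRunning = @($configured | Where-Object { $_ -and $_ -notin $running })
    }
}

# Constructed sample (not captured from a real machine): HVCI configured but not
# running, and DMA protection required but not available.
$sample = [pscustomobject]@{
    AvailableSecurityProperties       = 1, 2, 5
    RequiredSecurityProperties        = 1, 2, 3
    SecurityServicesConfigured        = 1, 2
    SecurityServicesRunning           = 1
    VirtualizationBasedSecurityStatus = 2
}
Get-DeviceGuardReport $sample | Format-List
```

Calling Get-DeviceGuardReport with no argument on a Windows 10 PC queries the live Win32_DeviceGuard instance instead of the sample.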
That's it,
Shawn
Related Tutorials
- How to Enable or Disable Device Guard in Windows 10
- How to Verify if Credential Guard is Enabled or Disabled in Windows 10