Website under construction



Download 13,37 Mb.
Pdf ko'rish
bet100/131
Sana27.03.2022
Hajmi13,37 Mb.
#512480
1   ...   96   97   98   99   100   101   102   103   ...   131
Bog'liq
9780735697744 Introducing Windows Server 2016 pdf

Requirement 
Description 
Windows Server 2016 S 
Credential Guard is available on all Windows Server 2016 SKUs except 
for Nano Server (because Nano Server only supports remote 
management). 
UEFI firmware version 2.3.1 
or higher and Secure Boot 
To verify that the firmware is using UEFI version 2.3.1 or higher 
and Secure Boot, you can validate it against the 
System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby 
Windows Hardware Compatibility Program requirement. 
Virtualization extensions 
The following virtualization extensions are required to support 
virtualization-based security: 

Intel VT-x or AMD-V 

Second Level Address Translation 
x64 architecture 
The features that virtualization-based security uses in the Windows 
hypervisor can run only on a 64-bit PC. 
A VT-d or AMD-Vi IOMMU 
An IOMMU enhances system resiliency against memory attacks. 
TPM version 1.2 or 2.0 
Note: If you don't have a TPM installed, Credential Guard will still be 
turned on, but the keys used to encrypt Credential Guard will not be 
protected by the TPM. 
The firmware is updated for 
Secure MOR 
Credential Guard requires the secure MOR bit to help prevent certain 
memory attacks. 


113 
CHAPTER 4 | Security and identity 
implementation 
Physical PC or VM 
Credential Guard is supported on both physical machines or virtual 
machines. For virtual machine, the Hypervisor needs to support 
nested virtualization. 
The simplest way to get Credential Guard implemented for your organization is to turn it on via Group 
Policy and designate the machines in your enterprise for which you want to apply it. 
From the Group Policy Management Console, create a new group policy or edit an existing one. Then, 
go to Computer Configuration > Administrative Templates > System > Device Guard. 
Double-click Turn On Virtualization Based Security, and then, in the dialog box that opens (see Figure 
4-2), select the Enabled option. In the Select Platform Security Level list box, choose Secure Boot or 
Secure Boot And DMA Protection. In the Credential Guard Configuration list box, select Enabled With 
UEFI lock, and then click OK. If you want to be able to turn off Credential Guard remotely, in the 
Credential Guard Configuration list box, choose Enabled Without Lock instead of Enabled With 
UEFI Lock. 

Download 13,37 Mb.

Do'stlaringiz bilan baham:
1   ...   96   97   98   99   100   101   102   103   ...   131




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish