Life is fun and easy!
不正IP報告数
Okan Sensor
ページへ戻る
印刷
Windows10/DeviceGuard_CredentialGuard
をテンプレートにして作成 ::
UJP
tech_regist2
:Windows10/DeviceGuard_CredentialGuard をテンプレートにして作成
開始行:
*Windows 10 Professionalで,Device GuardとCredential Guar...
**はじめに
2015年のWindows 10のアップデートから,Device Guardと...
一般ユーザが許可してないアプリを起動できなくなるし,許...
ただし,動作させるためには諸条件をクリアする必要がある.
-Windows 10 EnterpriseやWindows 10 Education
-Windows 10は64bit版に限る
-Windows 10 1607以降
-BIOS UEFI 2.3.1
-TPM2.0
-BIOSロックダウン
-セキュアブート
これらはCredentilal Guardというセキュリティフレームワー...
Credential GuardはMicrosoftの仮想化機能のHyper-Vを使っ...
今回は,Device Guard and Credential Guard hardware read...
**入手
以下のURLからダウンロードする.
Device Guard and Credential Guard hardware readiness tool
https://www.microsoft.com/en-us/download/details.aspx?id=...
ファイルを展開すると,次のようなディレクトリ&ファイル...
#ref(site://modules/xelfinder/index.php?page=view&file=65...
ツールはPowerShellで作成されていることがわかる.
**Usageを確認
PowerShellを起動する.
入手したDG_Readiness_Toolそのまま実行すると,次のように...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
How to read the output:
1. Red Errors: Basic things are missing that will preve...
2. Yellow Warnings: This device can be used to enable a...
3. Green Messages: This device is fully compliant with ...
########################################################...
Hardware requirements for enabling Device Guard and Cred...
1. Hardware: Recent hardware that supports virtualizati...
########################################################...
Usage: DG_Readiness.ps1 -[Capable/Ready/Enable/Disable/C...
Log file with details is found here: C:\DGLogs
To Enable DG/CG. If you have a custom SIPolicy.p7b then ...
Usage: DG_Readiness.ps1 -Enable OR DG_Readiness.ps1 -Ena...
To Enable only HVCI🈁
Usage: DG_Readiness.ps1 -Enable -HVCI
To Enable only CG🈁
Usage: DG_Readiness.ps1 -Enable -CG
To Verify if DG/CG is enabled🈁
Usage: DG_Readiness.ps1 -Ready
To Disable DG/CG.🈁
Usage: DG_Readiness.ps1 -Disable
To Verify if DG/CG is disabled🈁
Usage: DG_Readiness.ps1 -Ready
To Verify if this device is DG/CG Capable
Usage: DG_Readiness.ps1 -Capable
To Verify if this device is HVCI Capable
Usage: DG_Readiness.ps1 -Capable -HVCI
To Auto reboot with each option
Usage: DG_Readiness.ps1 -[Capable/Enable/Disable] -AutoR...
########################################################...
Readiness Tool with '-capable' is run the following RegK...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Devi...
CG_Capable
DG_Capable
HVCI_Capable
Value 0 = not possible to enable DG/CG/HVCI on this device
Value 1 = not fully compatible but has sufficient firmwa...
Value 2 = fully compatible for DG/CG/HVCI
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
with Windows 10, version 1703 or later with English loca...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
**Enable HVCI
Windows 10でハイパーバイザーで保護されているコード整合...
HVCIには次ような機能がある.
-コード フロー ガード (CFG) ビットマップの変更を保護する
-Credential Guard などその他の Truslets に有効な証明書が...
-HVCI をサポートしたEV (拡張検証) 証明書が最新のデバイス ...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
########################################################...
OS and Hardware requirements for enabling Device Guard a...
1. OS SKUs: Available only on these OS Skus - Enterpris...
2. Hardware: Recent hardware that supports virtualizati...
To learn more please visit: https://aka.ms/dgwhcr
########################################################...
Enabling Device Guard and Credential Guard🈁
Setting RegKeys to enable DG/CG🈁
Enabling Hyper-V and IOMMU
Enabling Hyper-V failed please check the log file
Please reboot the machine, for settings to be applied.🈁
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
Device GuardとCredential Guardが有効になった模様.リブ...
**状態を確認
HVCIを有効にしたが,現在の状態を確認してみる.
PS C:\Users\ujpadmin> cd C:\Users\ujpadmin\Desktop\dgrea...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Not an Admin user, pls execute this script as an Admin u...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
Admin権限のないユーザで実行した場合にエラーがでている.
PowerShellを管理者権限で実行して,再度コマンドを投入す...
PS C:\WINDOWS\system32> cd C:\Users\ujpadmin\Desktop\dgr...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
########################################################...
OS and Hardware requirements for enabling Device Guard a...
1. OS SKUs: Available only on these OS Skus - Enterpris...
2. Hardware: Recent hardware that supports virtualizati...
To learn more please visit: https://aka.ms/dgwhcr
########################################################...
Credential-Guard is not running.🈁
HVCI is not running.🈁
Config-CI is not running. (Not Enabled)
Not all services are running.🈁
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
動作してなかった模様...
**Enable -CG
Enable -CGによって,Credential Guardのみ有効にしてみる.
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
########################################################...
OS and Hardware requirements for enabling Device Guard a...
1. OS SKUs: Available only on these OS Skus - Enterpris...
2. Hardware: Recent hardware that supports virtualizati...
To learn more please visit: https://aka.ms/dgwhcr
########################################################...
Enabling Device Guard and Credential Guard
Setting RegKeys to enable DG/CG
Enabling Hyper-V and IOMMU
Enabling Hyper-V failed please check the log file
Please reboot the machine, for settings to be applied.🈁
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
リブートすることで有効になる.
**Enableを実行
DGおよびCGを有効にする.
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
########################################################...
OS and Hardware requirements for enabling Device Guard a...
1. OS SKUs: Available only on these OS Skus - Enterpris...
2. Hardware: Recent hardware that supports virtualizati...
To learn more please visit: https://aka.ms/dgwhcr
########################################################...
Enabling Device Guard and Credential Guard
Setting RegKeys to enable DG/CG
Enabling Hyper-V and IOMMU
Enabling Hyper-V failed please check the log file
Please reboot the machine, for settings to be applied.
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
確認してみる.
PS C:\WINDOWS\system32> cd C:\Users\ujpadmin\Desktop\dgr...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
########################################################...
OS and Hardware requirements for enabling Device Guard a...
1. OS SKUs: Available only on these OS Skus - Enterpris...
2. Hardware: Recent hardware that supports virtualizati...
To learn more please visit: https://aka.ms/dgwhcr
########################################################...
Credential-Guard is not running.
HVCI is not running.
Config-CI is enabled and running. (Enforced mode)🈁
Not all services are running.
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
やっと動いた.
終了行:
*Windows 10 Professionalで,Device GuardとCredential Guar...
**はじめに
2015年のWindows 10のアップデートから,Device Guardと...
一般ユーザが許可してないアプリを起動できなくなるし,許...
ただし,動作させるためには諸条件をクリアする必要がある.
-Windows 10 EnterpriseやWindows 10 Education
-Windows 10は64bit版に限る
-Windows 10 1607以降
-BIOS UEFI 2.3.1
-TPM2.0
-BIOSロックダウン
-セキュアブート
これらはCredentilal Guardというセキュリティフレームワー...
Credential GuardはMicrosoftの仮想化機能のHyper-Vを使っ...
今回は,Device Guard and Credential Guard hardware read...
**入手
以下のURLからダウンロードする.
Device Guard and Credential Guard hardware readiness tool
https://www.microsoft.com/en-us/download/details.aspx?id=...
ファイルを展開すると,次のようなディレクトリ&ファイル...
#ref(site://modules/xelfinder/index.php?page=view&file=65...
ツールはPowerShellで作成されていることがわかる.
**Usageを確認
PowerShellを起動する.
入手したDG_Readiness_Toolそのまま実行すると,次のように...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
How to read the output:
1. Red Errors: Basic things are missing that will preve...
2. Yellow Warnings: This device can be used to enable a...
3. Green Messages: This device is fully compliant with ...
########################################################...
Hardware requirements for enabling Device Guard and Cred...
1. Hardware: Recent hardware that supports virtualizati...
########################################################...
Usage: DG_Readiness.ps1 -[Capable/Ready/Enable/Disable/C...
Log file with details is found here: C:\DGLogs
To Enable DG/CG. If you have a custom SIPolicy.p7b then ...
Usage: DG_Readiness.ps1 -Enable OR DG_Readiness.ps1 -Ena...
To Enable only HVCI🈁
Usage: DG_Readiness.ps1 -Enable -HVCI
To Enable only CG🈁
Usage: DG_Readiness.ps1 -Enable -CG
To Verify if DG/CG is enabled🈁
Usage: DG_Readiness.ps1 -Ready
To Disable DG/CG.🈁
Usage: DG_Readiness.ps1 -Disable
To Verify if DG/CG is disabled🈁
Usage: DG_Readiness.ps1 -Ready
To Verify if this device is DG/CG Capable
Usage: DG_Readiness.ps1 -Capable
To Verify if this device is HVCI Capable
Usage: DG_Readiness.ps1 -Capable -HVCI
To Auto reboot with each option
Usage: DG_Readiness.ps1 -[Capable/Enable/Disable] -AutoR...
########################################################...
Readiness Tool with '-capable' is run the following RegK...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Devi...
CG_Capable
DG_Capable
HVCI_Capable
Value 0 = not possible to enable DG/CG/HVCI on this device
Value 1 = not fully compatible but has sufficient firmwa...
Value 2 = fully compatible for DG/CG/HVCI
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
with Windows 10, version 1703 or later with English loca...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
**Enable HVCI
Windows 10でハイパーバイザーで保護されているコード整合...
HVCIには次ような機能がある.
-コード フロー ガード (CFG) ビットマップの変更を保護する
-Credential Guard などその他の Truslets に有効な証明書が...
-HVCI をサポートしたEV (拡張検証) 証明書が最新のデバイス ...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
########################################################...
OS and Hardware requirements for enabling Device Guard a...
1. OS SKUs: Available only on these OS Skus - Enterpris...
2. Hardware: Recent hardware that supports virtualizati...
To learn more please visit: https://aka.ms/dgwhcr
########################################################...
Enabling Device Guard and Credential Guard🈁
Setting RegKeys to enable DG/CG🈁
Enabling Hyper-V and IOMMU
Enabling Hyper-V failed please check the log file
Please reboot the machine, for settings to be applied.🈁
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
Device GuardとCredential Guardが有効になった模様.リブ...
**状態を確認
HVCIを有効にしたが,現在の状態を確認してみる.
PS C:\Users\ujpadmin> cd C:\Users\ujpadmin\Desktop\dgrea...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Not an Admin user, pls execute this script as an Admin u...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
Admin権限のないユーザで実行した場合にエラーがでている.
PowerShellを管理者権限で実行して,再度コマンドを投入す...
PS C:\WINDOWS\system32> cd C:\Users\ujpadmin\Desktop\dgr...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
########################################################...
OS and Hardware requirements for enabling Device Guard a...
1. OS SKUs: Available only on these OS Skus - Enterpris...
2. Hardware: Recent hardware that supports virtualizati...
To learn more please visit: https://aka.ms/dgwhcr
########################################################...
Credential-Guard is not running.🈁
HVCI is not running.🈁
Config-CI is not running. (Not Enabled)
Not all services are running.🈁
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
動作してなかった模様...
**Enable -CG
Enable -CGによって,Credential Guardのみ有効にしてみる.
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
########################################################...
OS and Hardware requirements for enabling Device Guard a...
1. OS SKUs: Available only on these OS Skus - Enterpris...
2. Hardware: Recent hardware that supports virtualizati...
To learn more please visit: https://aka.ms/dgwhcr
########################################################...
Enabling Device Guard and Credential Guard
Setting RegKeys to enable DG/CG
Enabling Hyper-V and IOMMU
Enabling Hyper-V failed please check the log file
Please reboot the machine, for settings to be applied.🈁
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
リブートすることで有効になる.
**Enableを実行
DGおよびCGを有効にする.
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
########################################################...
OS and Hardware requirements for enabling Device Guard a...
1. OS SKUs: Available only on these OS Skus - Enterpris...
2. Hardware: Recent hardware that supports virtualizati...
To learn more please visit: https://aka.ms/dgwhcr
########################################################...
Enabling Device Guard and Credential Guard
Setting RegKeys to enable DG/CG
Enabling Hyper-V and IOMMU
Enabling Hyper-V failed please check the log file
Please reboot the machine, for settings to be applied.
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
確認してみる.
PS C:\WINDOWS\system32> cd C:\Users\ujpadmin\Desktop\dgr...
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6> .\DG_Read...
########################################################...
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Gu...
########################################################...
Running on a Virtual Machine. DG/CG is supported only if...
########################################################...
OS and Hardware requirements for enabling Device Guard a...
1. OS SKUs: Available only on these OS Skus - Enterpris...
2. Hardware: Recent hardware that supports virtualizati...
To learn more please visit: https://aka.ms/dgwhcr
########################################################...
Credential-Guard is not running.
HVCI is not running.
Config-CI is enabled and running. (Enforced mode)🈁
Not all services are running.
PS C:\Users\ujpadmin\Desktop\dgreadiness_v3.6>
やっと動いた.
ページ名:
![[PukiWiki]](http://www.ujp.jp/modules/tech_regist2/image/pukiwiki.png "[PukiWiki]")