Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
FSM-PO-SEC-C-ZTA_Servers
Data collected on: 2-9-2025 12:29:21
General
Details
Domainemea.tpg.ads
OwnerEMEA\poincon.7-adm
Created9-1-2025 11:16:44
Modified3-4-2025 11:04:50
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions63 (AD), 63 (SYSVOL)
Unique ID{928579d6-1360-4fd0-a486-722ee158a85a}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
ServersNoEnabledemea.tpg.ads/FR/Systems/Servers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\FSM-L-SEC-GPO-ZTA_Servers
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\FR-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\FSM-L-SEC-GPO-ZTA_ServersRead (from Security Filtering)No
EMEA\poincon.7-admEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
System Services
Windows Insider Service (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
System/Device Guard
PolicySettingComment
Turn On Virtualization Based SecurityEnabledCO :
Kernel Mode Code Integrity: Enabled
Credential Guard: Enabled
Hypervisor Code Integrity: Enabled
Virtual Secure Mode: Enabled
System Management Mode Protections: Enable
Select Platform Security Level:Secure Boot and DMA Protection
Virtualization Based Protection of Code Integrity:Enabled without lock
Require UEFI Memory Attributes TableEnabled
Credential Guard Configuration:Enabled without lock
Secure Launch Configuration:Enabled
Kernel-mode Hardware-enforced Stack Protection:Enabled in enforcement mode
System/Kernel DMA Protection
PolicySettingComment
Enumeration policy for external devices incompatible with Kernel DMA ProtectionEnabledEnable Memory Access Protection
Enumeration policyOnly while logged in (default)
Windows Components/Windows Update/Manage updates offered from Windows Update
PolicySettingComment
Manage preview buildsNot ConfiguredDisabled Windows Insider Program - CO
Preferences
Windows Settings
Registry
Hardware_HVCI_Off (Order: 1)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows Security Health\State
Value nameHardware_HVCI_Off
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Enable Kernel Mode Code Integrity - CO
MorBehavior (Order: 2)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSoftware\Policies\Microsoft\FVE
Value nameMorBehavior
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Enable Memory Overwrite Request Control - CO
EnableVirtualizationBasedSecurity (Order: 3)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\DeviceGuard
Value nameEnableVirtualizationBasedSecurity
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Enable Hypervisor Code Integrity (Strict Mode) - CO Notas: https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#enable-memory-integrity-using-group-policy
RequirePlatformSecurityFeatures (Order: 4)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\DeviceGuard
Value nameRequirePlatformSecurityFeatures
Value typeREG_DWORD
Value data0x3 (3)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Enable Hypervisor Code Integrity (Strict Mode) - CO Notas: https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#enable-memory-integrity-using-group-policy
Locked (Order: 5)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\DeviceGuard
Value nameLocked
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Enable Hypervisor Code Integrity (Strict Mode) - CO Notas: https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#enable-memory-integrity-using-group-policy
Enabled (Order: 6)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
Value nameEnabled
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Enable Hypervisor Code Integrity (Strict Mode) - CO Notas: https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#enable-memory-integrity-using-group-policy
Locked (Order: 7)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
Value nameLocked
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Enable Hypervisor Code Integrity (Strict Mode) - CO https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#enable-memory-integrity-using-group-policy
WasEnabledBy (Order: 8)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
Value nameWasEnabledBy
Value typeREG_DWORD
Value data0x2 (2)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Avaiable Mode-based execution control - CO Notas: https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#enable-memory-integrity-using-group-policy
MinVmVersionForCpuBasedMitigations (Order: 9)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization
Value nameMinVmVersionForCpuBasedMitigations
Value typeREG_SZ
Value data1.0
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Branch Target Injection Mitigation: not disabled in the registry - CO Notas: https://support.microsoft.com/en-au/topic/kb4072698-windows-server-and-azure-stack-hci-guidance-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-2f965763-00e2-8f98-b632-0d96f30c8c8e
HypervisorEnforcedCodeIntegrity (Order: 10)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\DeviceGuard
Value nameHypervisorEnforcedCodeIntegrity
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Enable Hypervisor Code Integrity (Strict Mode) - CO Notas: https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#enable-memory-integrity-using-group-policy
User Configuration (Disabled)
No settings defined.