今天在打開虛擬機的時候,突然出現下面這個錯誤。網上給了很多教程,基本上都是禁用 Device Guard 和關閉 Hyper-v,博主按照其方法操作,依舊出現下面錯誤。后來經過不懈努力,終於找到解決辦法,這里分享一下。
去訪問提示中的鏈接。
下面直接給出訪問圖中網址獲取到的內容(后面附上譯文)。
Purpose:
This article provides steps to disable Credential Guard or Device Guard for a Windows 10 Enterprise host.
Cause
This issue occurs because Device Guard or Credential Guard is incompatible with Workstation.
Resolution
To disable Device Guard or Credential Guard:
- Disable the group policy setting that was used to enable Credential Guard.
- On the host operating system, click Start > Run, type gpedit.msc, and click Ok. The Local group Policy Editor opens.
- Go to Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard > Turn on Virtualization Based Security.
- Select Disabled.
- Go to Control Panel > Uninstall a Program > Turn Windows features on or off to turn off Hyper-V.
- Select Do not restart.
- Delete the related EFI variables by launching a command prompt on the host machine using an Administrator account and run these commands:
Note: Ensure X is an unused drive, else change to another drive.mountvol X: /s copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: mountvol X: /d
- Restart the host.
- Accept the prompt on the boot screen to disable Device Guard or Credential Guard.
譯文:
目的
本文提供了為Windows 10 Enterprise主機禁用Credential Guard或Device Guard的步驟。
原因
出現此問題是因為Device Guard或Credential Guard與Workstation不兼容。
解決方案
要禁用 Device Guard 或 Credential Guard:
- 禁用用於啟用Credential Guard的組策略設置。
- 在主機操作系統上,單擊 Start > Run,鍵入gpedit.msc,然后單擊確定。本地組策略編輯器打開。
- 轉到本地計算機策略 > 計算機配置 > 管理模板>系統 > 設備防護 > 打開基於虛擬化的安全性。
- 選擇禁用。
- 轉到控制面板 > 卸載程序 > 打開或關閉 Windows 功能以關閉 Hyper-V。
- 選擇不重啟。
- 通過使用管理員帳戶在主機上啟動命令提示符並運行以下命令來刪除相關的EFI變量:
注:確保 X 是一個未使用的驅動器,否則更改為另一個驅動器。mountvol X:/ s copy%WINDIR%\ System32 \ SecConfig.efi X:\ EFI \ Microsoft \ Boot \ SecConfig.efi / Y bcdedit / create {0cb3b571-2f2e-4343-a879-d86a476d7215} / d“DebugTool”/ application osloader bcdedit / set {0cb3b571-2f2e-4343-a879-d86a476d7215} path“\ EFI \ Microsoft \ Boot \ SecConfig.efi “ bcdedit / set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} bcdedit / set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS bcdedit / set {0cb3b571-2f2e -4343-a879-d86a476d7215}設備分區= X: mountvol X:/ d
- 重新啟動主機。
- 接受啟動屏幕上的提示以禁用 Device Guard 或 Credential Guard。
按照上述方法,博主成功解決問題。
2020-05-09 18:42:30
今天在一台新的機器上安裝VMware WorkStation Pro15.5.2后,發現按照上述方法仍不能解決。
而后關閉Windows安全中心里面【設備安全性】->【內核隔離】->【內核完整性】,解決問題。
作者:耑新新,發布於 博客園
轉載請注明出處,歡迎郵件交流:zhuanxinxin@aliyun.com