Credential Guard without tools

When you deploy new machines with Windows 10 1607 and want to enable Credential Guards one of the things will want to do is prepare Hyper-V and Isolated User Mode so it is preinstalled so the end users do not get affected during enablement.

First off lets talk about Isolated User Mode, this was previously a stand alone feature that was required but starting with v1607 this has been included into the Hyper-V role. This means that there is one less feature for you to enable and keep track of.

Next we need to enable Hyper-V and the only features you need are the Hyper-V services and Hyper-V platform. This can be achieved using the Install Roles and Features step in MDT. In your sequence before the Windows Update step add a group and add the steps as show below.

Start with a Install Roles and Features step and then add a Restart Computer step and finish with Run Command Line step. Configure the Install Roles and Feature step as follow, check Hyper-V Platform, Hyper-V Hypervisor and Hyper-V Services.

AddHyperV

For the Run Command Line step add the following information:
Dism /online /disable-feature /featurename:Microsoft-Hyper-V-Tools-All /Norestart

RemoveTools

This will ensure that when the computer is finished deploying it will have the necessary roles and features for credential guard but end users won’t see the management tools.

 

Happy Deploying

/Peter

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s