该主题已关闭以供评论
我也想学习这一点。我认为AHV不支持它。这是我到目前为止发现的
https://docs.microsoft.com/en-us/windows/security/indesity-protection/credential-guard/credential-guard-requirentess
https://portal.nutanix.com/#/page/docs/details?targetID=AHV-ADMIN-GUIDE-V51:VMM-VM-VM-VM-DRIVER-DRIVER-TYPES-R.HTML
https://docs.microsoft.com/en-us/windows/security/indesity-protection/credential-guard/credential-guard-requirentess
硬件和软件要求
为了提供针对OS级别的基本保护,试图阅读凭据Manager域凭据,NTLM和Kerberos衍生的凭据,Windows Defender凭据Guard使用:- 支持基于虚拟化的安全性(必需)
- 固定靴子(必需)
- TPM 1.2或2.0,无论是离散或固件(首选 - 提供对硬件的绑定)
- UEFI锁(首选 - 防止攻击者使用简单的注册表密钥更改禁用)
https://portal.nutanix.com/#/page/docs/details?targetID=AHV-ADMIN-GUIDE-V51:VMM-VM-VM-VM-DRIVER-DRIVER-TYPES-R.HTML
统一的可扩展固件接口(UEFI)支持来宾VM
AHV不支持在UEFI模式下创建的VM。
现在应该已经改变了。显然,您可以设置“ uefi_boot = true” ..如果有效,请分享。我也希望为AHV VM设置凭证守护。
https://portal.nutanix.com/#/page/docs/details?targetId=amf_guide-acr_v4_6:vm__vm__vm_driver_types_r.html
“ SSH进入Nutanix accolis并运行以下命令:acli vm.update uefi_boot = true。”
https://docs.citrix.com/en-us/provisioning/current-release/citrix-provisioning-1909.pdf
https://portal.nutanix.com/#/page/docs/details?targetId=amf_guide-acr_v4_6:vm__vm__vm_driver_types_r.html
“ SSH进入Nutanix accolis并运行以下命令:acli vm.update uefi_boot = true。”
https://docs.citrix.com/en-us/provisioning/current-release/citrix-provisioning-1909.pdf
+3
没有人回馈吗?
显然,VMware也支持这一点:
那么,有人将其用于AHV吗?
嗨,Stevecharon和
Windows Defender凭证守卫的支持肯定即将到来。我现在无法透露细节。我只能说很快。
我还想鼓励您查看与您正在运行的版本最相关的文档。
自5.11以来,UEFI Guest VM得到了支持。AHV管理指南5.15:UEFI对VM的支持。
Nutanix VM上的凭证守护状态是什么?我已经使用UEFI创建了一个新的VM,Secure Boot和启用了凭证Guard,但我无法正常工作。GPO启用了凭证后卫,但仍然不会运行。当我查看设备安全性时,它说“不支持标准硬件安全性”,并且TPM.MSC中没有兼容的TPM。
Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">