Share via

System Guard: Enabled but not running

Anonymous
2023-11-19T01:56:24+00:00

I'm running Server 2022 Core v21H2. I enabled System Guard in Secured-core, but it shows "System Guard

Enabled but not running".

Not sure what to do from here.

Windows for business | Windows Server | Performance | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-06-09T15:08:26+00:00

    I have followed all of the advice and I have all of the required hardware however, for me, it’s still not working secure launch and firmware protection are still not working.

    Not sure if solved. But this is how i fixed this.

    1. Run cmd as admin

    2. bcdedit /set hypervisorlaunchtype auto

    1. Restart

    3 people found this answer helpful.
    0 comments
  2. Anonymous
    2024-04-18T18:13:17+00:00

    I have followed all of the advice and I have all of the required hardware however, for me, it’s still not working secure launch and firmware protection are still not working.

    3 people found this answer helpful.
    0 comments
  3. Anonymous
    2023-11-20T06:14:05+00:00

    Hello

    Thank you for posting in Microsoft Community forum.

    The issue of “System Guard: Enabled but not running” could be due to a variety of factors. Here are a few things you could check:

    Hardware Requirements: Ensure that your server meets the hardware requirements for Secured Core. This includes a CPU with activated virtualization extensions (Intel VT, AMD-V), UEFI with Secure Boot, and TPM 2.0.

    System Guard Configuration: Verify that System Guard is correctly configured. You can do this by checking the registry settings. The path is HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > DeviceGuard > Scenarios. Under Scenarios, there should be a key named SystemGuard with a DWORD named Enabled set to 1.

    Virtualization Based Security: Make sure that Virtualization Based Security is enabled. You can configure this in the policy value for Computer Configuration >> Administrative Templates >> System >> Device Guard >> Turn On Virtualization Based Security. It should be set to “Enabled” with “Enabled with UEFI lock” selected for "Credential Guard Configuration".

    If you’ve checked all of these and the issue persists, it might be a good idea to refer to the guide on System Guard Secure Launch and SMM protection - Windows Security | Microsoft Learn

    Best Regards,

    Wesley Li

    3 people found this answer helpful.
    0 comments
  4. Anonymous
    2025-01-21T23:54:11+00:00

    I experienced the same issue running Win 2022 Core on Dell PE 360 servers.

    Steps I followed to resolve:

    1. Enable Kernel DMA in Bios (Processor settings).
    2. HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > DeviceGuard > Scenarios. Under Scenarios, there should be a key named SystemGuard with a DWORD named Enabled set to 1. This was already set.
    3. >> Administrative Templates >> System >> Device Guard >> Turn On Virtualization Based Security. It should be set to “Enabled” with “Select Platform Security Level to Secure Boot” and “Enabled with UEFI lock” selected for "Credential Guard Configuration".
    4. Run cmd as admin > bcdedit /set hypervisorlaunchtype auto
    5. Restart Core machine

    Not sure if all the steps above are needed….but is worked for me.

    0 comments