GordonThomas-6194 asked GordonThomas-6194 answered

Any risks in creating HGS Guardian?

I have a Windows Server 2019 with no physical TPM chip. I want to add a new Windows 11 VM to the several older VMs in Hyper-V on the box. If I run the PowerShell scripts such as:

New-HgsGuardian -Name "Guardian11" -GenerateCertificates

and ending with:

Enable-VMTPM -VMNAME "TPM"

from a Microsoft article 34431.windows-10-enabling-vtpm-virtual-tpm.aspx, is there any danger of the existing VMs or the host getting messed up, or does the HGS only affect any VMs that I explicitly reference?


windows-server-hyper-v

1 Answer

GordonThomas-6194 answered

On further investigation, this is a very complex feature to install and get right. Microsoft strongly recommend that it is installed in a cluster in case a node is lost. Otherwise, recovery is very difficult, if not impossible.

While it isn't the answer I wanted, I have since found that you can interrupt the Windows 11 installation process and insert some registry keys that will allow you to install it without TPM. Search for 'Windows 11 LabConfig'.

Not recommended for production or critical usage, but allows you to run Windows 11 for testing purposes at least.
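
For reference, the local-guardian sequence the question describes, written out for a single named VM with a before/after check of every VM's vTPM state and a backup of the generated certificates. This is an added example, not part of the original thread or the Microsoft article; the VM name `Win11-Test` and the backup folder `D:\GuardianBackup` are assumptions.

```powershell
# Added example: enable a vTPM on one named VM using a local guardian.
# Run elevated on the Hyper-V host.
$vmName       = 'Win11-Test'         # hypothetical VM name
$guardianName = 'Guardian11'         # guardian name used in the question
$backupDir    = 'D:\GuardianBackup'  # hypothetical folder; copy it off the host afterwards

# Snapshot the vTPM state of every VM so the effect of the change can be compared.
function Get-VtpmState {
    Get-VM | ForEach-Object {
        [pscustomobject]@{
            Name       = $_.Name
            TpmEnabled = (Get-VMSecurity -VMName $_.Name).TpmEnabled
        }
    }
}
$before = Get-VtpmState

# A vTPM needs a generation 2 VM, and the VM must be off to change it.
$vm = Get-VM -Name $vmName -ErrorAction Stop
if ($vm.Generation -ne 2) { throw "$vmName is not a generation 2 VM." }
if ($vm.State -ne 'Off')  { throw "$vmName must be powered off first." }

# Reuse the guardian if it already exists; otherwise create it with
# self-signed signing and encryption certificates.
$guardian = Get-HgsGuardian | Where-Object Name -eq $guardianName
if (-not $guardian) {
    $guardian = New-HgsGuardian -Name $guardianName -GenerateCertificates
}

# The key protector is built from the guardian and attached to this VM by name.
$kp = New-HgsKeyProtector -Owner $guardian -AllowUntrustedRoot
Set-VMKeyProtector -VMName $vmName -KeyProtector $kp.RawData
Enable-VMTPM -VMName $vmName

# List every VM whose vTPM state differs from the snapshot taken above.
Compare-Object $before (Get-VtpmState) -Property Name, TpmEnabled

# The generated certificates live in this machine store. Export them with
# their private keys so the vTPM VM can still start after a host rebuild.
$pw = Read-Host -AsSecureString -Prompt 'PFX password'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
Get-ChildItem 'Cert:\LocalMachine\Shielded VM Local Certificates' | ForEach-Object {
    $file = Join-Path $backupDir ("{0}.pfx" -f $_.Thumbprint)
    Export-PfxCertificate -Cert $_ -FilePath $file -Password $pw | Out-Null
}
```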
