A Secured-core server protects the hardware, firmware, drivers, and operating system of a machine that handles critical data. Here's how to set up a Secured-core server using Windows Admin Center, the Desktop Experience, and Group Policy.

To add an extra layer of security to your Windows device, enable the Secured-core features through Windows Admin Center, a utility that gives you a unified user interface for managing your device's security settings. Open the Secured-core tab in Windows Admin Center and make sure everything in it is enabled. This raises your device's protection against malware, ransomware, and unauthorized access.

Refer to the guide below for further details on Secured-core and its advantages, or if you are looking for other ways to configure it. It gives step-by-step instructions for each method, so you can pick the one that fits your needs and device configuration. Enabling Secured-core with this guidance significantly improves your device's security posture and protects your data.

How to Configure Secured-core Server for Windows Server




Secured-core is a security framework that protects the device at every layer, from hardware, firmware, and drivers to the operating system. This protection starts before the OS loads, to ensure a secure computing environment. Secured-core servers provide a trustworthy environment for critical data and applications.


Prerequisites of Secured-core Configuration


Make sure these requirements are met before you begin:


• Secure Boot: This should be turned on in the BIOS of the device.


• TPM 2.0: The Secured-core functionality needs a TPM 2.0 chip.


• System Firmware: The system firmware must meet the pre-boot DMA protection requirements and set the appropriate flags in the ACPI tables so that Kernel DMA Protection can be enabled.


Refer to the document Kernel DMA Protection (Memory Access Protection) for OEMs for more details.


• Hardware Capabilities: The BIOS must have the following capabilities enabled: virtualization extensions, IOMMU, and Dynamic Root of Trust for Measurement (DRTM).


•   AMD-specific: On AMD-based systems, Transparent Secure Memory Encryption should be enabled.


Configuration Methods:


Now that the requirements are out of the way, let's look at some methods of configuring your Secured-core server:


•   Windows Admin Center: A unified management experience for Windows environments.


•   Computer Management: A native console in Windows to manage local and remote computers.


•   Group Policy: A powerful method for configuring settings on multiple devices.


Let us dive into each method in depth.

1] Via Windows Admin Center


To apply Secured-core on your server through Windows Admin Center, follow these steps:


1. Sign in to Windows Admin Center: Open the portal and sign in.


2. Select the Server: Select the server you want to configure with Secured-core.


3. Open Secured-core Settings: Go to Security > Secured-core.


4. Turn on the Security Features: For any security feature showing as Not configured, set it to Enable.


5. Schedule Reboot: A prompt appears asking you to schedule a reboot of the system. Choose a time that suits you and reboot the server.


6. Verify Configuration: Once the reboot is done, go to Security > Secured-core again. You should now find that the security features are set.

2] Using GUI


Enabling the Memory Integrity and Firmware Protection


If you don't want to go through Windows Admin Center, you can turn on these security features from the Windows GUI itself. Follow these steps:


1. Open Computer Management: In the Administrative Tools in Windows, start Computer Management.


2. Check Device Drivers: Within Device Manager, ensure all drivers are updated and working correctly. If you are on an AMD chip, also make sure the DRTM Boot Driver is installed.


3. Enable Core Isolation Features: Open Windows Security > Device security > Core isolation details, then turn on Memory Integrity and Firmware Protection.


4. Reboot your PC for the changes to take effect.


How to Verify:


To verify that it is enabled, open the Run dialog with Windows Key + R, type "msinfo32.exe", and press Enter. You should see the following values listed:


• Secure Boot State: On


• Kernel DMA Protection: On


• Virtualization-based security: Running


• Virtualization-based security Services Running: Hypervisor enforced Code Integrity and Secure Launch


With the above steps, you have enabled Memory Integrity and Firmware Protection to enhance your system security.
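The msinfo32 values above can also be read from a script, which helps when checking many servers. The following is an added example, not part of the original guide: the function name and the sample object are made up for illustration, and the numeric codes are the ones Microsoft documents for the Win32_DeviceGuard WMI class.

```powershell
# Added example. Numeric codes follow Microsoft's Win32_DeviceGuard documentation.
function Test-SecuredCoreState {
    param(
        [Parameter(Mandatory)] $DeviceGuard,      # Win32_DeviceGuard instance or look-alike
        [Parameter(Mandatory)] [bool] $SecureBoot
    )
    $running   = @($DeviceGuard.SecurityServicesRunning)
    $available = @($DeviceGuard.AvailableSecurityProperties)
    [ordered]@{
        'Secure Boot State: On'                  = $SecureBoot
        # Platform capability only; msinfo32 stays the reference for the Kernel DMA Protection line.
        'DMA protection available'               = $available -contains 3
        'Virtualization-based security: Running' = $DeviceGuard.VirtualizationBasedSecurityStatus -eq 2
        'Hypervisor enforced Code Integrity'     = $running -contains 2
        'Secure Launch'                          = $running -contains 3
    }
}

if ($env:OS -eq 'Windows_NT') {
    # Live data; run elevated. Confirm-SecureBootUEFI throws on non-UEFI firmware.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    $sb = try { [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { $false }
} else {
    # Constructed sample: VBS and memory integrity running, Secure Launch not running.
    $dg = [pscustomobject]@{
        VirtualizationBasedSecurityStatus = 2
        SecurityServicesRunning           = @(2)
        AvailableSecurityProperties       = @(1, 2, 3, 5)
    }
    $sb = $true
}

$report = Test-SecuredCoreState -DeviceGuard $dg -SecureBoot $sb
$report.GetEnumerator() | ForEach-Object {
    '{0,-40} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' })
}
$failed = @($report.GetEnumerator() | Where-Object { -not $_.Value })
if ($failed.Count) { Write-Warning "$($failed.Count) Secured-core check(s) not satisfied" }
```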

3] By Group Policy


Setting Up Secure Boot for a Domain Network


If you want to use Secure Boot for multiple users on your domain network, you can use Group Policy Objects. Group Policy Objects are a collection of operating system settings, which allow centralized management and enable you to configure operating systems, applications, and user settings of the devices on the network.


To set up Secure Boot, perform the following steps:


1. Access Group Policy Management Console: Open the Group Policy Management Console.


2. Create or Edit Group: Create a new group or edit an existing one and add the users to it.


3. Move to Secure Boot Settings: Go to Computer Configuration > Administrative Templates > System > Device Guard.


4. Turn on Virtualization-Based Security: Double-click "Turn On Virtualization Based Security", then click "Enable".


5. Set Up the Security Settings: For Platform Security Level, select "Secure Boot and DMA Protection".


o Virtualization Based Protection of Code Integrity: Under the options, select either Enabled without lock or Enabled with UEFI lock.


o Secure Launch Configuration: Set to Enabled.


6. Apply Changes: Click OK and restart your computer.


Note on the UEFI Lock: Once the UEFI lock is enabled for Virtualization Based Protection of Code Integrity, it cannot be reset remotely. To disable it, change the Group Policy to Disabled and manually clear the UEFI configuration on each affected computer.


Verification: Run gpresult /SCOPE COMPUTER /R /V in PowerShell as administrator, or check the settings using msinfo32.exe, to verify the Secure Boot configuration. All of the following Virtualization settings must be Enabled.
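To confirm on a given machine that the policy from steps 4 and 5 actually landed, you can also compare the registry values it writes against what you selected. This is an added example, not part of the original guide: the function name and sample data are made up, and the registry path and value names are those Microsoft documents for the Device Guard policy, not values taken from this page.

```powershell
# Added example. Key and value names per Microsoft's Device Guard policy documentation.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
$Expected  = [ordered]@{
    EnableVirtualizationBasedSecurity = @(1)     # policy set to Enabled
    RequirePlatformSecurityFeatures   = @(3)     # Secure Boot and DMA Protection
    HypervisorEnforcedCodeIntegrity   = @(1, 2)  # 1 = with UEFI lock, 2 = without lock
    ConfigureSystemGuardLaunch        = @(1)     # Secure Launch Configuration: Enabled
}

function Compare-DeviceGuardPolicy {
    param([Parameter(Mandatory)] $Actual, $Wanted = $Expected)
    foreach ($name in $Wanted.Keys) {
        $value = $Actual.$name
        [pscustomobject]@{
            Setting  = $name
            Value    = if ($null -eq $value) { '<not set>' } else { $value }
            Accepted = $Wanted[$name] -join ' or '
            Ok       = $Wanted[$name] -contains $value
        }
    }
}

$actual = if ($env:OS -eq 'Windows_NT' -and (Test-Path $PolicyKey)) {
    Get-ItemProperty -Path $PolicyKey
} else {
    # Constructed sample: policy applied with UEFI lock, Secure Launch never configured.
    [pscustomobject]@{
        EnableVirtualizationBasedSecurity = 1
        RequirePlatformSecurityFeatures   = 3
        HypervisorEnforcedCodeIntegrity   = 1
    }
}

Compare-DeviceGuardPolicy -Actual $actual | Format-Table -AutoSize

# Ties back to the UEFI lock note: value 1 means this host needs hands-on cleanup to revert.
if ($actual.HypervisorEnforcedCodeIntegrity -eq 1) {
    Write-Warning 'Code integrity is enabled with UEFI lock; it cannot be reset remotely.'
}
```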


That is all about how to set up a Secured-core server for Windows Server. We hope you can set it up as soon as possible.



