To disable Device Guard or Credential Guard on Itanium based computers:
- Disable the group policy setting that was used to enable Credential Guard.
- On the host operating system, click Start > Run, type gpedit.msc, and click Ok. The Local group Policy Editor opens.
- Go to Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard > Turn on Virtualization Based Security.
- Select Disabled.
- Go to Control Panel > Uninstall a Program > Turn Windows features on or off to turn off Hyper-V.
- Select Do not restart.
- Delete the related EFI variables by launching a command prompt on the host machine using an Administrator account and run these commands:
mountvol X: /s
copy %WINDIR%System32SecConfig.efi X:EFIMicrosoftBootSecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "EFIMicrosoftBootSecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
mountvol X: /d
Note: Ensure X is an unused drive, else change to another drive. - Restart the host.
- Accept the prompt on the boot screen to disable Device Guard or Credential Guard.
If you have a machine with Legacy BIOS boot:
- Open the command prompt as Administrator on host.
- Run this command:
bcdedit /set hypervisorlaunchtype off - Reboot the host.
Note: To find EFI or BIOS type msinfo32.exe in the Run tab.
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2146361