From 31fae4de475217a41f3c86d2e66e0c0b3556cf24 Mon Sep 17 00:00:00 2001 From: Mark Nipper Date: Mon, 26 Aug 2024 10:17:15 -0700 Subject: Document disabling Hyper-V insanity --- README.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index 305f1c8..09ab74a 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,30 @@ Most importantly, depending on the host configuration, you might end up with the https://forums.virtualbox.org/viewtopic.php?f=25&t=99390 https://learn.microsoft.com/en-us/troubleshoot/windows-client/application-management/virtualization-apps-not-work-with-hyper-v +After doing all of the above nonsense, I still needed to create a task scheduler job in Windows that actively pushes a couple of registry changes to forcibly disable VBS. This gets reverted every couple of reboots, give or take a few and then persists for usually a couple as well. Some subsystem in Windows actively tries to reenable VBS periodically which led me to implementing this strategy. It works, but it's ugly. + +You will want to start taskschd.msc. You will need to create two files related to this also. I dropped them both in c:\ directly to keep things simple. You can name them whatever you like, but remember what you use as you will need to reference both files. + +The first I created is c:\disable-crap.reg: + +``` +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard] +"LsaCfgFlags"=dword:00000000 + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] +"LsaCfgFlags"=dword:00000000 +``` + +The second I created is c:\disable-crap.bat: + +``` +c:\windows\regedit.exe /s c:\disable-crap.reg +``` + +Back in task scheduler, I created a folder named disable under the main Task Scheduler Library and created a new task named the same. Under the General tab, it will list your user name as the author, but below that in the security options, you will want to change the user that this task runs as to SYSTEM and check the box near the bottom to allow it to run with the highest privileges. Under Triggers, I added two triggers, one at system startup and one at log on of any user. Under Actions, I told it to start a program and pointed it to c:\disable-crap.bat. I don't believe I changed any of the other options under any other tabs, but you should be able to check the History tab to see that it is running when it is supposed to be. That should be everything you need for this step, but as stated above, Windows will actively fight you over this, so you can always check msinfo32 at the very bottom right after you log in to check whether a hypervisor is detected (it will say almost exactly this at the bottom of the window past all of the Hyper-V entries if it has managed to enable itself again). If it has, simply reboot immediately and try again. I've had it take upward of three or four reboots sometimes, but usually one or two suffices. + I also had to disable full memory encryption in the BIOS. Other steps might also be necessary, depending on how broken Windows has become when you're reading this. ### Installation -- cgit v1.2.3