From Windows 10 Security Technical Implementation Guide
Part of WN10-00-000080
Associated with: CCI-000381
Allowing other operating systems to run on a secure system may allow users to circumvent security. Preventing users from being assigned to the Hyper-V Administrators group will prevent them from accessing or creating virtual machines on the system. The Hyper-V Hypervisor is used by Virtualization Based Security features such as Credential Guard on Windows 10; however, it is not the full Hyper-V installation.
Run "Computer Management". Navigate to System Tools >> Local Users and Groups >> Groups. Double click on "Hyper-V Administrators". If any groups or user accounts are listed in "Members:", this is a finding. If the workstation has an approved use of Hyper-V, such as being used as a dedicated admin workstation using Hyper-V to separate administration and standard user functions, the account(s) needed to access the virtual machine is not a finding.
Remove any groups or users from the "Hyper-V Administrators" group.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer