Thunderbolt docking station installation currently blocked by GPO


Hello All,

Currently we have windows 10_1809 version and we want enable supporting Thunderbolt docking station. It’s currently blocking of PCICC_0C0A due to security reason(DMA attacks over Thunderbolt interfaces).  How we can enable it without any security risk?

My understanding summary to enable this is below :

– Enable Windows Defender Core isolation -> Memory Integrity

– Support Kernel DMA Protection.

– Remove the legacy Thunderbolt Mitigation from the GPO (blocking of PCICC_0C0A)




solved 0
Amit laha 1 year 2020-05-27T08:41:20+05:30 1 Answer 137 views Beginner 0

Answer ( 1 )


    If Understand correctly GPO won’t get applied until the provisioning process of SCCM TS is completed isn’t it ?

    So, in your scenario, the GPO is getting applied to the device after the OSD task sequence. Is that a correct understanding?

    To answer your questions, yes I think you already answered your own question:-D

    But it’s your organization’s security or cyber defense team to decide whether these settings are good for them or not.

    Best answer

Leave an answer

Sorry, you do not have a permission to answer to this question .