Thunderbolt docking station installation currently blocked by GPO

Question

Hello All,

We currently have Windows 10 version 1809 and we want to enable support for Thunderbolt docking stations. It is currently blocked by the PCI\CC_0C0A restriction for security reasons (DMA attacks over Thunderbolt interfaces). How can we enable it without any security risk?

My understanding of what is needed to enable this is summarized below:

– Enable Windows Defender Core isolation -> Memory Integrity

– Support Kernel DMA Protection.

– Remove the legacy Thunderbolt mitigation from the GPO (blocking of PCI\CC_0C0A)

Thanks

Amit


Answer ( 1 )

  1. If I understand correctly, the GPO won’t get applied until the provisioning process of the SCCM TS is completed, isn’t it?

    So, in your scenario, the GPO is getting applied to the device after the OSD task sequence. Is that a correct understanding?

    To answer your question: yes, I think you already answered your own question :-D

    But it’s up to your organization’s security or cyber defense team to decide whether these settings are good for them or not.
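The three items from the question can be checked on a client before the legacy block is removed. The following is an added example, not part of the original question or answer: a read-only PowerShell audit, run elevated. It assumes an English-language msinfo32 report and that the block was deployed through the "Prevent installation of devices that match any of these device IDs" policy; the temporary file name is arbitrary.

```powershell
# Added example: read-only audit of the three prerequisites listed in the question.
$legacyId = 'PCI\CC_0C0A'   # compatible ID blocked by the legacy Thunderbolt mitigation
$denyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs'

# 1. Memory Integrity (HVCI): the value 2 in SecurityServicesRunning means it is running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$hvciRunning = $dg.SecurityServicesRunning -contains 2

# 2. Kernel DMA Protection: read the row from an msinfo32 text report.
#    Assumption: English UI text ("Kernel DMA Protection<TAB>On").
$report = Join-Path $env:TEMP 'msinfo-dma-audit.txt'   # arbitrary temp file name
Start-Process -FilePath msinfo32.exe -ArgumentList "/report `"$report`"" -Wait
$kernelDma = 'Unknown'
foreach ($line in Get-Content -Path $report) {
    if ($line -match '^Kernel DMA Protection\s+(\S+)') { $kernelDma = $Matches[1]; break }
}
Remove-Item -Path $report -ErrorAction SilentlyContinue

# 3. Legacy mitigation: is the device ID still listed in the deny policy?
$legacyBlock = $false
if (Test-Path -Path $denyKey) {
    $values = (Get-ItemProperty -Path $denyKey).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }          # skip provider metadata
    $legacyBlock = @($values | Where-Object { $_.Value -eq $legacyId }).Count -gt 0
}

# Summary: the legacy block should stay until Kernel DMA Protection reports On.
[pscustomobject]@{
    MemoryIntegrityRunning = $hvciRunning
    KernelDmaProtection    = $kernelDma
    LegacyBlockPresent     = $legacyBlock
    Recommendation         = if ($kernelDma -eq 'On') {
                                 'Kernel DMA Protection is on; removal of the legacy block can go to security review'
                             } elseif ($legacyBlock) {
                                 'Keep the legacy block; Kernel DMA Protection is not reported as On'
                             } else {
                                 'Neither protection is confirmed active; review before attaching Thunderbolt devices'
                             }
}
```

Kernel DMA Protection depends on platform firmware support, so a device that reports Off here cannot be fixed by policy alone.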
