Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

SCT installation - standalone Windows 2019 server?

Copper Contributor

Anyone try installing the SCT baseline on a standalone instance of Win2019?  When I try the install of the baseline on the host and reboot, I get punted to the repair window at boot.  Does anyone know how to perform the standalone install without incurring a boot repair?

 

20201115 - SCT install Win2019 error on boot.png

 

Process summary (install via Hyper-V lab):

  • Install Windows 2019 (w/desktop experience)
    • 2GB RAM
    • 127GB disk
    • 2 vCPU
  • Copy SCT component to the new Win2019 VM (in c:\temp) and extract
    • LGPO.zip
    • PolicyAnalyzer.zip
    • Windows 10 Version 1809 and Windows Server 2019 Security Baseline.zip
  • Copy the LGPO.exe binary to the baseline Local_Script/Tools dir
  • Open an admin powershell window, navigate to the appropriate baseline dir, run the installer script with the appropriate standalone switch
    • BaselineLocalInstall.ps1 -WS2019NonDomainJoined
  • Once the installation of the system modifications are complete, reboot

Any suggestions would be appreciated.

 

Thanks,

 

T.

4 Replies
Set-ExecutionPolicy RemoteSigned didn't help.

T.
best response confirmed by Rick_Munck (Microsoft)
Solution
Is 'Secure Launch ' enabled? 'Computer Configuration\Administrative Templates\System\Device Guard\Turn On Virtualization Based Security' Disable it via gpedit.msc.

My thanks - your fix regarding the disablement of "Secure Launch" via gpedit.msc seems to have done the trick.

 

T.

1 best response

Accepted Solutions
best response confirmed by Rick_Munck (Microsoft)
Solution
Is 'Secure Launch ' enabled? 'Computer Configuration\Administrative Templates\System\Device Guard\Turn On Virtualization Based Security' Disable it via gpedit.msc.

View solution in original post