What's new

As admin - how to disable greyed out Core Isolation?

sfwul

New Member
Microsoft Surface Pro 7+
Windows 10 x64
Settings > Update & Security > Windows Security > Device Security > Core Isolation is greyed out.

Being admin I can't disable it (Core Isolation), being necessary for a Photoshop CS6 install.

Any suggestions how to solve this?


Thanks!
 

Attachments

  • Photoshop disabling Memory integrity-not possible-29062022 100619.png
    Photoshop disabling Memory integrity-not possible-29062022 100619.png
    142 KB · Views: 196

GreyFox7

Super Moderator
Staff member
If I was a betting man which I'm not so I'll just guess ... there's a corporate policy controlling this setting. It might be Active Directory or Mobile Device Management or some other management software. If so, to confirm the policy is controlling the setting you have to move/remove the device out of the jurisdiction of the policy. i.e. move it to a test OU in Active Directory that is not under the control of the policy or some similar action applicable for other management software. I'm not in the game anymore so I cannot keep up with all the myriad software device management schemes etc. also "Intune" is another way to screw up on a mass scale err... I mean manage device settings...

you could talk to "people" in charge of policies ... yeah, like that will be satisfying :(

once you've confirmed it is controlled by policy then you have to set about getting an exception implemented.

if this isn't the case I have no idea.

given that these are "security" settings it probably came down from the security department so good luck getting that changed. Those guys live in another world and your device/application performance is not a concern.
 
Last edited:
OP
S

sfwul

New Member
Thanks for your reply. I am an 'individual' user and have admin rights on this device. It is a 'long shot', but I suspect... that it might have something to do with the following. At startup there are two users to select from, my wife and me. Same PIN code by the way. I have just some other stuff added to my environment.

I just checked: within her account Core Isolation is also greyed out. Account type: standard (i.e. non-admin).

Later..
Found the solution on Technet at: "This setting is managed by your administrator" can't turn ON Memory Integrity

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity, Enabled key,
Change from 1 > 0
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard, Enable key,
Change from 0 > 1

After rebooting this setting was 'ungreyed' indeed... :)
 

Attachments

  • SnagIt-02072022 081732.png
    SnagIt-02072022 081732.png
    12.2 KB · Views: 121

GreyFox7

Super Moderator
Staff member
I wonder why would an App REQUIRE disabling security settings. I hope they plan to fix this. Seems like something you want.
 
Top