Can anyone confirm the following? Workstation/Servers - both need the AV key in order to do any patching going forward
Workstation At one point in the MS article for workstation patching (4073119) I could of sworn there wasn't anything about having to making registry settings (except for AV) but now it looks like they added 2 registry keys. Were these 2 reg keys always in the KB/needed? reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f Server 3 reg keys need to be added for the server patch to take effect. Are you enabling this on all your servers or just the 3 use cases they list in their article (4072698). reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f Thanks
