Correct, although I think that third Registry Key for Servers is only needed for Hyper-V Hosts.
On top of all that, you would need to apply a BIOS/Firmware Update to get the CPU Microcode Updates. On Tue, Jan 9, 2018 at 9:01 AM, SCCM FUN <sccm...@hotmail.com> wrote: > Can anyone confirm the following? > > Workstation/Servers - both need the AV key in order to do any patching > going forward > > Workstation > At one point in the MS article for workstation patching (4073119) I could > of sworn there wasn't anything about having to making registry settings > (except for AV) but now it looks like they added 2 registry keys. Were > these 2 reg keys always in the KB/needed? > > reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session > Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f > reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session > Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 > /f > > Server > 3 reg keys need to be added for the server patch to take effect. Are you > enabling this on all your servers or just the 3 use cases they list in > their article (4072698). > > reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session > Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f > reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session > Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 > /f > reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" > /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f > > Thanks > >
