It has come to notice that customers who deployed Microsoft’s security baseline for Windows 10 v1709 are likely to experience device and component failures. The Microsoft Baseline Security Analyzer is a Microsoft tool that helps determine the security state by assessing missing security updates. The tool also analyses less-secure updates and encourages users to remove them.
Issue with BitLocker/DMA settings in Windows 10
The BitLocker GPO settings in the Windows security configuration baselines for Windows 10 include “Disable new DMA devices when this computer is locked.” This setting was originally launched with Windows 10 v1703 and is also part of Microsoft’s recommended baselines for both v1703 and Windows 10 v1709 (Creators Update). In the recent past, the Group Policy setting for v1709 was strengthened. This update leads to several problems with network adapters, audio devices and pointing devices.
Meanwhile, it’s crucial to understand the importance of the Group Policy for BitLocker. The Group Policy extends protection against external devices that are plugged into DMA ports, but with this update, it started adversely affecting internal components as well. Microsoft has said that it is already aware of the problem and is working on a solution.
Microsoft recommends that Windows 10 v1709 customers who are affected by this bug revert the Group Policy setting to “Not Configured.” Alternatively, the setting can be set to “Disabled” to avoid this issue. That said, this is still a temporary workaround until Microsoft issues a patch.
Moreover, Microsoft has also mentioned that removing the setting will not negatively impact systems that do not have DMA ports, and this includes the Microsoft Surface Pro and other OEM devices. Additionally, you may check with your OEM for the exact specification of your device.
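A read-only check for whether a machine has the setting enabled and has failed devices in the affected categories, as an added example that is not from the original article or from Microsoft. The registry path and value name are the ones this policy writes to per its ADMX definition and do not appear on the page; the device class list is an assumption that maps the article's categories to PnP setup classes.

```powershell
# Added example: read-only check, changes nothing on the machine.
# Assumption (not on the page): registry location of the policy
# "Disable new DMA devices when this computer is locked".
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$PolicyName = 'DisableExternalDMAUnderLock'

function Get-DmaLockPolicyState {
    # No value under the policy key means the setting is Not Configured.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not Configured' }
    switch ([int]$item.$PolicyName) {
        1       { 'Enabled' }
        0       { 'Disabled' }
        default { "Unexpected value: $($item.$PolicyName)" }
    }
}

function Get-FailedDeviceCandidates {
    # Assumed mapping of the article's categories to device setup classes:
    # network adapters, audio devices, pointing devices.
    $classes = 'Net', 'Media', 'AudioEndpoint', 'Mouse', 'HIDClass'
    Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Class -in $classes -and $_.Status -ne 'OK' } |
        Select-Object Class, FriendlyName, Status, Problem, InstanceId
}

$state   = Get-DmaLockPolicyState
$failed  = @(Get-FailedDeviceCandidates)
$release = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    ReleaseId       = $release        # the article concerns 1709
    DmaLockPolicy   = $state
    FailedDevices   = $failed.Count
    ReviewSuggested = ($state -eq 'Enabled' -and $failed.Count -gt 0)
} | Format-List

# Devices listed here are candidates only: a non-OK status can have other causes.
$failed | Format-Table -AutoSize
```

Change the setting in the GPO that delivers the baseline rather than in the local registry, since a policy refresh rewrites the local value.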