Installing and Upgrading the VPN client on a Computer with Device Guard Enabled
The Remote Access VPN client cannot be installed when Device Guard User Mode Code Integrity (also known as UMCI) is enabled.
To install, upgrade or uninstall the Remote Access client on a computer, on which UMCI is enforced:
-
Disable Device Guard user mode Code Integrity.
-
Install the client.
-
Enable Device Guard user mode Code Integrity.
To learn how to disable and enable Device Guard user mode Code Integrity, see the Microsoft instructions.
To deploy code integrity polices, follow the steps that Microsoft provides. After changing the policy XML file, initiate a new BIN file. There is no need to re-scan the system, so skip step "2. Use New-CIPolicy to create a new code integrity policy by scanning the system for installed applications". This is because the scan runs when Device Guard is deployed, so there is no need to scan again when you disable or enable UMCI.
