vCenter

 View Only
  • 1.  Performance hit with VBS enabled

    Posted Jul 11, 2023 02:19 PM

    After enabling "Virtualization Based Security" in Windows 2019 VM's it gives performance issues during group policy execution:

    While the general performance hit is as low as 1% or 2% on new hardware, it stays very significant during computer group policy execution. Group policy components which require only milliseconds to execute when VBS is turned off, take multiple seconds or are giving a timeout on VM's with VBS enabled. Users notice login delays because of this.

    We do not notice these group policy execution delays on Windows 2019 VM's running on Hyper-V hosts, only on ESX hosts. Group policies, enabled VBS features, and all other factors are the same. 

    VMware ESXi, 7.0.3, VM version 19, CPU hardware virtualization/io mmu & secure boot enabled.

    Is this expected behaviour with nested virtualization?



  • 2.  RE: Performance hit with VBS enabled

    Posted Feb 20, 2024 08:55 PM

    I was hoping to see some responses to this. Have you found a workaround? I have fully tested that VBS does indeed significantly increase the time to apply group policy on a Windows 10 machine. I have not tested Windows 11 fully yet, but doesn't seem to have the same impact in early testing.