Windows failed to apply the {F312195E-3D9D-447A-A3F5-08DFFA24735E} settings in gpupdate /force command (Solved)
On a Windows 10/11 Pro-based computer with Credential Guard enabled, you may encounter the following error when attempting to update Group Policy:
gpupdate /force
Updating policy…Computer Policy update has completed successfully.
The following warnings were encountered during computer policy processing:
Windows failed to apply the {F312195E-3D9D-447A-A3F5-08DFFA24735E} settings. {F312195E-3D9D-447A-A3F5-08DFFA24735E} settings might have its own log file. Please click on the "More information" link.
User Policy update has completed successfully.For more detailed information, review the event log or run
GPRESULT /H GPReport.htmlfrom the command line to access information about Group Policy results.
The reported error occurs when Windows Credential Guard is enabled on a system that does not meet the hardware and software requirements for Credential Guard. Credential Guard requires the following features to function properly:
- Virtualization-based security (VBS)
- Secure boot
When one of these features is missing, you will encounter the error "Windows failed to apply the {F312195E-3D9D-447A-A3F5-08DFFA24735E} settings" when trying to update the policy using the gpupdate /force command. Additionally, you may see one of the following errors in the Event Viewer > Application and services logs > Microsoft > Windows > DeviceGuard > Operational:
- Device Guard failed to process the Group Policy to enable Virtualization Based Security (Status = 0x80070057)
- Device Guard failed to process the Group Policy to enable Virtualization Based Security (Status = 0x80071149): Secure Boot is not enabled on this machine.
How to Fix Device Guard Errors 0x80070057 & 0x80071149 When Applying Group Policy Settings
To resolve the error "Windows failed to apply the {F312195E-3D9D-447A-A3F5-08DFFA24735E} settings" in the gpupdate /force command, follow these steps:
Step 1. Enable Secure Boot
Credential Guard requires the "Secure Boot" feature to function. Verify that "Secure Boot" is enabled on your system. To do this:
- Press Windows
+ R keys to open the run command box. - Type
msinfo32.exeand click OK.
- In System Summary, check the "Secure Boot State" status and proceed as follows based on the result:
- If the Secure Boot State is Off, enter the BIOS/UEFI settings and enable the Secure Boot feature. This change ensures that the system firmware verifies the integrity of the boot process, which is crucial for Credential Guard to operate securely. Then run the
gpupdate /forcecommand to update the policy.
Note: If you don't want to enable Secure Boot, or if the Secure Boot feature is already enabled in BIOS (Secure Boot State = On) and you receive the same error after executing the gpupdate /force command, skip to Step 2.
- If the Secure Boot State is Unsupported, skip to Step 2.
Step 2. Change "Virtualization Based Security" Settings
Open the Group Policy Editor and modify the "Virtualization Based Security" policy settings as follows:
- Press Windows + R keys to open the run command box.
- Type
gpedit.mscand click OK.
3. In Group Policy Editor, navigate to this path:
Computer ConfigurationAdministrative TemplatesSystemDevice Guard
4. Open the Turn on Virtualization Based Security policy on the right pane.
5. Make one of the following changes, based on your situation:
- If the policy setting is Enabled, and your system supports Secure Boot (Secure Boot State = On), ensure that the Platform Security level is set to "Secure Boot" or "Secure boot and DMA Protection". Then set the Virtualization Based Protection of Code Integrity to Disabled. This adjustment ensures that the system does not attempt to enforce code integrity policies that it cannot support, preventing errors during Group Policy updates.
- If the policy setting is "Not configured" or "Enabled" but your system doesn't support Secure Boot (Secure Boot State = Unsupported or Off), change the policy to Disabled and click OK. Disabling this policy prevents the system from attempting to apply security settings that are not compatible with the current hardware configuration.
6. When done, click Apply > OK and close the Group Policy Editor.
Attempt to update the policy again using the gpupdate /force command. The error should no longer appear.
Additional Solutions
Verify and Update System Drivers
Outdated or incompatible drivers can interfere with system features like Credential Guard. Ensure all system drivers, especially those related to virtualization and security, are up to date. You can check for driver updates via Device Manager or visit the official website of your device manufacturer.
Check Windows Updates
Ensure your Windows operating system is fully updated. Microsoft regularly releases updates that address compatibility issues and enhance security features. Navigate to Settings > Update & Security > Windows Update and check for updates.
Summary
When encountering the error "Windows failed to apply the {F312195E-3D9D-447A-A3F5-08DFFA24735E} settings" during a gpupdate /force command, ensure that Secure Boot is enabled if supported by your system. Adjust the "Virtualization Based Security" settings in the Group Policy Editor to match your system's capabilities. Additionally, verify that your drivers and Windows updates are current to prevent compatibility issues. By following these steps, you should be able to resolve the error and successfully apply Group Policy updates.
That's all, folks! Please leave a comment in the comment section below or even better: like and share this blog post on social networks to help spread the word about this solution.
Frequently Asked Questions
- Top Windows 11 Issues and Solutions for April 2026: A Comprehensive Guide. - April 29, 2026
- FIX "BitLocker Recovery" Loop after installing KB5083769 - April 27, 2026
- Ultimate CoD Warzone Settings for Enhanced FPS and Visibility - April 9, 2026
