Scan Secure Boot Enabled PC's
Donny B.
I am needing to see which pcs have Secure Boot enabled or not. Is there an easy way in Inventory to see this? I know I can run a powershell command such as:
Confirm-SecureBootUEFI
and get the status. However I did not know if there was a way to get this information via inventory without having to run a command on 200+ pcs individually.
0
Comments
If you have Windows 7, then Secure boot must be disable to enable legacy support.
If you have Windows 8/10 then Secure boot should be enable by default.
What are you trying to archived?
All of our pc's are Windows 10. However up until recently none of them had Secure Boot enabled by default. We never have had it enabled until recently because I never bothered to get it working with MDT deployments. The problem right now is we are looking to install Sophos Web Gateway and it has an issue with the signed driver requirement in Windows 10 build 1607 that requires secure boot to be disabled for the program to install correctly. They are aware of the bug and are working to fix it but I am looking for a way to get the program installed now rather than wait for them to fix it. Most of our computers do not have secure boot enabled which is not an issue. The issue is the ones that do I need to deploy a Dell CCTK bios update to so I can disable secure boot and allow this installation.
So if there was a registry setting I could put as a condition or similar that would be ideal but my searches are coming up unfruitful.
Try to run scan on this registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\State
Enabled:1
Disabled:0
Not Support(VM or older motherboard): Missing \State key
My secure boot is turn off. Tt has Secure boot option, but a pain to turn it on so I never bother to turn it on
EDIT: You can also use msinfo32 to see if secureboot is enabled/disabled/unsupported
Here's what Secureboot enabled looks like