Boot Environment Audit
Purpose
The goal of this solution is to audit the boot environment and security posture of Windows Workstations and Servers—collecting data on Secure Boot status, UEFI CA 2023 certificate enrollment, BIOS firmware readiness, pending OEM driver updates, cumulative update compliance, boot configuration anomalies, and telemetry settings—and store the results in a custom table for fleet-wide reporting and compliance tracking.
Associated Content
Scripts
| Content | Type | Function |
|---|---|---|
| Boot Environment Audit | Script | Runs the audit against each device, collects all boot environment data, and stores the results in the custom table. |
| OverFlowedVariable - SQL Insert - Execute | Script | Helper script used to handle and insert overflowed data into the custom database table. |
Monitor
| Content | Type | Function |
|---|---|---|
| Execute Script - Boot Environment Audit | Internal Monitor | Executes the audit script once per week against all Windows Workstations and Servers. |
Alert Template
| Content | Type | Function |
|---|---|---|
△ Custom - Execute Script - Boot Environment Audit | Alert Template | Executes the Boot Environment Audit script against the machines detected by the internal monitor. |
Data and Reporting
| Content | Type | Function |
|---|---|---|
| pvl_boot_environment_details | Custom Table | Stores the boot environment audit data collected from each device. |
| Boot Environment Audit | Dataview | Displays the boot environment audit results for fleet-wide review and compliance reporting. |
Addition Content
| Content | Type | Function |
|---|---|---|
| Remediate SecureBootCompliance2026 | Script | This script uses the agnostic script Agnostic Script - Remediate SecureBootCompliance2026 to run the Automate implementation of the PS1 on the Windows 2026 agents, so that it can remediate UEFI Secure Boot compliance for Windows 2026 by ensuring systems have the required 2023 UEFI certificates (KEK and DB), enabling Microsoft-managed certificate updates, and reporting the remediation status. It validates Secure Boot, configures registry keys for automatic updates, monitors servicing status, and logs results. |
Implementation
-
Import the associated scripts, internal monitor, dataview, and alert template from the ProSync plugin.
-
Execute the Boot Environment Audit script on any online Windows device with the
SetEnvironmentparameter set to1. This creates the required pvl_boot_environment_details custom table.
-
Reload the system cache (Ctrl + R) and verify the custom table was created successfully.
-
Configure the solution as follows:
- Navigate to
Automation→Monitorswithin the CWA Control Center and set up the following:- Execute Script - Boot Environment Audit
- Configure with the alert template:
△ Custom - Execute Script - Boot Environment Audit - Right-click and Run Now to start the monitor.
- Configure with the alert template:
- Execute Script - Boot Environment Audit
- Navigate to
-
For additional remediation script, feel free to schedule it to the Windows Server 2026 group once a month.
Changelog
2026-06-19
- Added the remediation for the secure boot compliance in it, as it can change the audit data and is completely related to this solution.
2026-05-06
- Initial version of the document.
- Deprecated content:
- Solution: Windows Secure boot Audit
- Role: Windows Secure Boot
- Role: Windows Telemetry
- Role: Windows DB Certificate
- Role: Windows KEK Certificate
- Dataview: Windows Secure Boot Audit [Role]