66 docs tagged with "Certificates"

Displays boot environment audit results for managed Windows devices.

Audits the boot environment, Secure Boot certificates, OEM updates, telemetry, and cumulative update status on a Windows device and returns the results as an object.

Sets this custom field to 1 when the script runs successfully, indicating that the boot environment has been audited and data is available in the other custom fields.

The script audits Windows boot security and populates 24 custom fields (SB_ prefix) with critical data: Secure Boot status, UEFI CA 2023 certificate enrollment, OEM driver updates, cumulative update readiness, BIOS versions, firmware boot entries, WinRE status, telemetry configuration, and registry servicing values. It downloads and executes the core audit script, transforms output for RMM database compatibility, and exports JSON results for custom field integration, enabling administrators to track boot security posture and compliance across managed endpoints.

A centralized dashboard to monitor Windows boot security across all endpoints. Instantly identify missing OEM updates, Secure Boot status, CA 2023 readiness, and potential boot misconfigurations.

This solution outlines the automated process for auditing the boot environment and security configuration of Windows endpoints using ConnectWise RMM.

Audits the boot environment, Secure Boot certificates, OEM updates, telemetry, and cumulative update status across Windows devices and stores the results for fleet-wide reporting.

This monitor looks for any SSL certificates that have an expiration date of less than 30 days. This solution is effective for catching machines that may have been missed and do not have active reminders in place for certificate renewals. Additionally, the difference between the certification addition and expiration should be at least 30 days to trigger an alert.

Select the operating system to enable monitoring and alerts for certificates that will expire in the next 30 days.

Group of machines with certificate expiration monitoring enabled.

This solution outlines the steps for identifying and monitoring Windows certificates that are set to expire within the next 30 days through CW RMM.

This solution provides a mechanism to automatically deploy the Cisco Umbrella Root CA certificate to both Windows and Macintosh devices.

A group tailored for Windows Servers that have the Active Directory Certificate Services role installed.

Flag this checkbox to enable installation of the Cisco Umbrella Root CA certificate on all Windows and Mac devices managed for the client. This ensures secure SSL inspection and trusted communication with Cisco Umbrella services.

This custom field shows whether Secure Boot is enabled on the device.

Devices with Secure Boot disabled for compliance and security monitoring.

This document describes a custom field that tracks the secureboot status on machines, detailing its dependencies and specific field information relevant to machine management.

This task checks and records the SecureBoot status on devices, including SecureBoot certificates.

This custom field shows the status of the Windows Secure Boot Database (DB) certificate.

This custom field displays the status of the Windows Key Exchange Key (KEK) certificate.

This custom field indicates the current telemetry (diagnostic data) level on Windows. Shows whether Windows telemetry is enabled and its level (Basic, Enhanced, Full)

This group contains all client machines (Windows and Mac) where the organization-level custom field "cPVAL Install Cisco Umbrella Root CA Certificate" is enabled. A task runs daily against this group to install or verify the Cisco Umbrella.

Executes Cisco Umbrella Root CA certificate installation script daily on machines in target group.

Flag this custom field to exclude computer from the certification expiration monitoring.

Flag this custom field to exclude location from the certification expiration monitoring.

This monitor executes the Boot Environment Audit script once per week against Windows Workstations and Servers.

Audits the boot environment, Secure Boot certificates, OEM updates, telemetry, and cumulative update status on a Windows device and returns the results as an object.

Downloads and installs the Cisco Umbrella Root CA certificate to the Local Machine Trusted Root store.

Downloads and installs the Cisco Umbrella Root CA certificate to the Local Machine Trusted Root store.

Stores the boot environment details of windows machines returned by the Boot Environment Audit script.

This script remediates UEFI Secure Boot compliance for Windows 2026 by ensuring systems have the required 2023 UEFI certificates (KEK and db), enabling Microsoft-managed certificate updates, and reporting the remediation status. It validates Secure Boot, configures registry keys for automatic updates, monitors servicing status, and logs results.

This script automates the remediation of UEFI Secure Boot certificates required for Windows 2026 compliance. It ensures the system has the latest 2023 UEFI certificates (KEK and db) and configures the system for automatic Microsoft-managed UEFI certificate updates.

This script automates the remediation of UEFI Secure Boot certificates required for Windows 2026 compliance. It ensures the system has the latest 2023 UEFI certificates (KEK and db) and configures the system for automatic Microsoft-managed UEFI certificate updates.

Secure Boot registry AvailableUpdates value. Updated by the Boot Environment Audit task.

Current BIOS version string from Win32_BIOS. Updated by the Boot Environment Audit task.

Secure Boot servicing BucketHash registry value. Updated by the Boot Environment Audit task.

Minimum BIOS version required for CA2023 support from OEM lookup. Updated by the Boot Environment Audit task.

Secure Boot servicing ConfidenceLevel registry value. Updated by the Boot Environment Audit task.

Secure Boot servicing ConfidenceUpdateType registry value. Updated by the Boot Environment Audit task.

Most recently installed Windows cumulative update identifier. Updated by the Boot Environment Audit task.

Timestamp when boot environment data was last collected. Updated by the Boot Environment Audit task.

UEFI db certificate CA2023 enrollment status. Updated by the Boot Environment Audit task.

UEFI dbDefault certificate CA2023 enrollment status. Updated by the Boot Environment Audit task.

Evidence lines from bcdedit for non-Windows EFI indicators. Updated by the Boot Environment Audit task.

Whether non-Windows EFI boot entries are detected. Updated by the Boot Environment Audit task.

UEFI KEK certificate CA2023 enrollment status. Updated by the Boot Environment Audit task.

Whether November 2025 or newer cumulative update is installed. Updated by the Boot Environment Audit task.

Number of available OEM driver updates. Updated by the Boot Environment Audit task.

Comma-separated summary of detected boot conditions. Updated by the Boot Environment Audit task.

Evidence lines from bcdedit for PXE/network boot indicators. Updated by the Boot Environment Audit task.

Whether PXE or network boot entries are detected in firmware. Updated by the Boot Environment Audit task.

Secure Boot state: Enabled, Disabled, or Unknown. Updated by the Boot Environment Audit task.

Windows telemetry state based on registry and DiagTrack service. Updated by the Boot Environment Audit task.

Secure Boot servicing UEFICA2023Error registry value. Updated by the Boot Environment Audit task.

Secure Boot servicing UEFICA2023Status registry value. Updated by the Boot Environment Audit task.

Secure Boot servicing WindowsUEFICA2023Capable registry value. Updated by the Boot Environment Audit task.

Whether Windows Recovery Environment is enabled on the device. Updated by the Boot Environment Audit task.

This solution checks the Secure Boot status and validates the associated certificates. If the system is using older Secure Boot certificates, the custom fields are updated accordingly. If the system is using updated certificates. The custom fields are updated to reflect the compliant status.

This script evaluates whether a Windows device is prepared for the upcoming Microsoft Secure Boot certificate transition scheduled for 2026. Microsoft is replacing legacy Secure Boot certificates with updated 2023-era certificates (KEK and DB). Devices that do not contain these updated certificates may be considered at risk once older certificates expire.

This script evaluates whether a Windows device is prepared for the upcoming Microsoft Secure Boot certificate transition scheduled for 2026. Microsoft is replacing legacy Secure Boot certificates with updated 2023-era certificates (KEK and DB). Devices that do not contain these updated certificates may be considered at risk once older certificates expire.

This script evaluates whether a Windows device is prepared for the upcoming Microsoft Secure Boot certificate transition scheduled for 2026.

This solution checks the Secure Boot status and validates the associated certificates. If the system is using older Secure Boot certificates, the custom fields are updated accordingly. If the system is using updated certificates, the custom fields are updated to reflect the compliant status.

This Script pulls any and all certificates in the personal certificate repository on windows machines that it is run on.

Details all the Custom Fields related to Windows Secure Boot Audit

Fetches the status of key certificate and configurations that will be needed before the current secure boot certificates expire.

This solution fetches the status of key certificate and configurations that will be needed before the current secure boot certificates expire.