54 docs tagged with "Secure Boot"

Displays boot environment audit results for managed Windows devices.

Audits the boot environment, Secure Boot certificates, OEM updates, telemetry, and cumulative update status on a Windows device and returns the results as an object.

Sets this custom field to 1 when the script runs successfully, indicating that the boot environment has been audited and data is available in the other custom fields.

The script audits Windows boot security and populates 24 custom fields (SB_ prefix) with critical data: Secure Boot status, UEFI CA 2023 certificate enrollment, OEM driver updates, cumulative update readiness, BIOS versions, firmware boot entries, WinRE status, telemetry configuration, and registry servicing values. It downloads and executes the core audit script, transforms output for RMM database compatibility, and exports JSON results for custom field integration, enabling administrators to track boot security posture and compliance across managed endpoints.

A centralized dashboard to monitor Windows boot security across all endpoints. Instantly identify missing OEM updates, Secure Boot status, CA 2023 readiness, and potential boot misconfigurations.

This solution outlines the automated process for auditing the boot environment and security configuration of Windows endpoints using ConnectWise RMM.

Audits the boot environment, Secure Boot certificates, OEM updates, telemetry, and cumulative update status across Windows devices and stores the results for fleet-wide reporting.

This custom field shows whether Secure Boot is enabled on the device.

Devices with Secure Boot disabled for compliance and security monitoring.

This document describes a custom field that tracks the secureboot status on machines, detailing its dependencies and specific field information relevant to machine management.

This task checks and records the SecureBoot status on devices, including SecureBoot certificates.

This custom field shows the status of the Windows Secure Boot Database (DB) certificate.

This custom field displays the status of the Windows Key Exchange Key (KEK) certificate.

This custom field indicates the current telemetry (diagnostic data) level on Windows. Shows whether Windows telemetry is enabled and its level (Basic, Enhanced, Full)

This monitor executes the Boot Environment Audit script once per week against Windows Workstations and Servers.

Audits the boot environment, Secure Boot certificates, OEM updates, telemetry, and cumulative update status on a Windows device and returns the results as an object.

Stores the boot environment details of windows machines returned by the Boot Environment Audit script.

This script remediates UEFI Secure Boot compliance for Windows 2026 by ensuring systems have the required 2023 UEFI certificates (KEK and db), enabling Microsoft-managed certificate updates, and reporting the remediation status. It validates Secure Boot, configures registry keys for automatic updates, monitors servicing status, and logs results.

This script automates the remediation of UEFI Secure Boot certificates required for Windows 2026 compliance. It ensures the system has the latest 2023 UEFI certificates (KEK and db) and configures the system for automatic Microsoft-managed UEFI certificate updates.

This script automates the remediation of UEFI Secure Boot certificates required for Windows 2026 compliance. It ensures the system has the latest 2023 UEFI certificates (KEK and db) and configures the system for automatic Microsoft-managed UEFI certificate updates.

Secure Boot registry AvailableUpdates value. Updated by the Boot Environment Audit task.

Current BIOS version string from Win32_BIOS. Updated by the Boot Environment Audit task.

Secure Boot servicing BucketHash registry value. Updated by the Boot Environment Audit task.

Minimum BIOS version required for CA2023 support from OEM lookup. Updated by the Boot Environment Audit task.

Secure Boot servicing ConfidenceLevel registry value. Updated by the Boot Environment Audit task.

Secure Boot servicing ConfidenceUpdateType registry value. Updated by the Boot Environment Audit task.

Most recently installed Windows cumulative update identifier. Updated by the Boot Environment Audit task.

Timestamp when boot environment data was last collected. Updated by the Boot Environment Audit task.

UEFI db certificate CA2023 enrollment status. Updated by the Boot Environment Audit task.

UEFI dbDefault certificate CA2023 enrollment status. Updated by the Boot Environment Audit task.

Evidence lines from bcdedit for non-Windows EFI indicators. Updated by the Boot Environment Audit task.

Whether non-Windows EFI boot entries are detected. Updated by the Boot Environment Audit task.

UEFI KEK certificate CA2023 enrollment status. Updated by the Boot Environment Audit task.

Whether November 2025 or newer cumulative update is installed. Updated by the Boot Environment Audit task.

Number of available OEM driver updates. Updated by the Boot Environment Audit task.

Comma-separated summary of detected boot conditions. Updated by the Boot Environment Audit task.

Evidence lines from bcdedit for PXE/network boot indicators. Updated by the Boot Environment Audit task.

Whether PXE or network boot entries are detected in firmware. Updated by the Boot Environment Audit task.

Secure Boot state: Enabled, Disabled, or Unknown. Updated by the Boot Environment Audit task.

Windows telemetry state based on registry and DiagTrack service. Updated by the Boot Environment Audit task.

Secure Boot servicing UEFICA2023Error registry value. Updated by the Boot Environment Audit task.

Secure Boot servicing UEFICA2023Status registry value. Updated by the Boot Environment Audit task.

Secure Boot servicing WindowsUEFICA2023Capable registry value. Updated by the Boot Environment Audit task.

Whether Windows Recovery Environment is enabled on the device. Updated by the Boot Environment Audit task.

This solution checks the Secure Boot status and validates the associated certificates. If the system is using older Secure Boot certificates, the custom fields are updated accordingly. If the system is using updated certificates. The custom fields are updated to reflect the compliant status.

This script evaluates whether a Windows device is prepared for the upcoming Microsoft Secure Boot certificate transition scheduled for 2026. Microsoft is replacing legacy Secure Boot certificates with updated 2023-era certificates (KEK and DB). Devices that do not contain these updated certificates may be considered at risk once older certificates expire.

This script evaluates whether a Windows device is prepared for the upcoming Microsoft Secure Boot certificate transition scheduled for 2026. Microsoft is replacing legacy Secure Boot certificates with updated 2023-era certificates (KEK and DB). Devices that do not contain these updated certificates may be considered at risk once older certificates expire.

This script evaluates whether a Windows device is prepared for the upcoming Microsoft Secure Boot certificate transition scheduled for 2026.

This solution checks the Secure Boot status and validates the associated certificates. If the system is using older Secure Boot certificates, the custom fields are updated accordingly. If the system is using updated certificates, the custom fields are updated to reflect the compliant status.

This document provides an overview of a PowerShell script that assesses whether a Windows 10 machine meets the hardware requirements for upgrading to Windows 11. It includes checks for storage, memory, TPM, processor details, and Secure Boot status, along with implementation details for Kaseya VSA.

This document provides an overview of how to determine which machines are eligible for an upgrade to Windows 11 using a PowerShell script. It details dependencies, the columns of data returned, and the significance of each column in assessing compatibility.

Details all the Custom Fields related to Windows Secure Boot Audit

Fetches the status of key certificate and configurations that will be needed before the current secure boot certificates expire.

This solution fetches the status of key certificate and configurations that will be needed before the current secure boot certificates expire.