Need help with a Custom Inventory Script to identify if Secure Boot is Enabled and what BIOS Mode the machine is running in
Add your rating:
I am trying to create a Custom Inventory Script that inventories for Secure Boot status and BIOS Mode being used. Trying to determine which machines can have Secure Boot enabled quickly versus a bit more work involved to possibly change boot drive to GPT before being able to change to UEFI BIOS Mode and then enabled Secure Boot.
Here's what I have so far. The Secure Boot Custom Inventory does display on the machine but BIOS Mode fails to pull the correct information.
ShellCommandTextReturn(powershell -command "& {$sb=Confirm-SecureBootUEFI 2>$null; if ($sb -eq $true) {'Secure Boot: Enabled'} else {'Secure Boot: Disabled'}; (Get-WmiObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty BIOSMode)}")
Can anyone assist with getting that second portion functioning properly?
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
Nico_K
1 month ago
the powershell variable $env:firmware_type contains Legacy or UEFI, so
powershell $env:firmware_typecould be easier.
Get-ItemProperty `-Path hklm:\System\CurrentControlSet\Control\SecureBoot\State ` |Select-Object UEFISecureBootEnabledbrings the nessesary info (0,1 or ERROR) about Secure Boot enabled or not (0 if not enabled, 1 if enabled and an error message if non UEFI)
Posted by:
ronni3
1 month ago
I tried adding what you suggested but I may not be well versed enough in scripting for the Kace appliance. Any chance you could assist with providing a full custom inventory script that you think could work?
Comments:
-
ShellCommandTextReturn(powershell $env:firmware_type)
and the other
ShellCommandTextReturn(powershell Get-ItemProperty `-Path hklm:\System\CurrentControlSet\Control\SecureBoot\State ` |Select-Object UEFISecureBootEnabled )
or part of your script if you want change the results in your own answers etc - Nico_K 1 month ago