-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathExport-SecureBootStatusReport.ps1
More file actions
49 lines (42 loc) · 1.81 KB
/
Export-SecureBootStatusReport.ps1
File metadata and controls
49 lines (42 loc) · 1.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
###################################################################################################################
# Name: Export-SecureBootStatusReport.ps1
# Author: Thomas Marcussen, Thomas@ThomasMarcussen.com
# Date: June, 2025
###################################################################################################################
# Logs Secure Boot readiness to a CSV file
$results = [PSCustomObject]@{
ComputerName = $env:COMPUTERNAME
SecureBoot_Enabled = $false
MicrosoftUpdateManagedOptIn = $false
DiagnosticDataEnabled = $false
OS_Version = (Get-CimInstance Win32_OperatingSystem).Version
FirmwareVersion = $null
Timestamp = (Get-Date).ToString("s")
}
try {
if (Confirm-SecureBootUEFI) {
$results.SecureBoot_Enabled = $true
}
} catch {}
try {
$key = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Secureboot" -Name MicrosoftUpdateManagedOptIn -ErrorAction SilentlyContinue
if ($key.MicrosoftUpdateManagedOptIn -eq 0x5944) {
$results.MicrosoftUpdateManagedOptIn = $true
}
} catch {}
try {
$telemetry = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name AllowTelemetry -ErrorAction SilentlyContinue
if ($telemetry.AllowTelemetry -ge 1) {
$results.DiagnosticDataEnabled = $true
}
} catch {}
try {
$firmware = Get-CimInstance -ClassName Win32_BIOS
$results.FirmwareVersion = $firmware.SMBIOSBIOSVersion
} catch {}
# Export
$logPath = "C:\Logs\SecureBootStatus.csv"
if (-not (Test-Path "C:\Logs")) {
New-Item -Path "C:\Logs" -ItemType Directory -Force | Out-Null
}
$results | Export-Csv -Path $logPath -NoTypeInformation -Append