-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathRemediate-SecureBootConfig.ps1
More file actions
19 lines (15 loc) · 972 Bytes
/
Remediate-SecureBootConfig.ps1
File metadata and controls
19 lines (15 loc) · 972 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
###################################################################################################################
# Name: Remediate-SecureBootConfig.ps1
# Author: Thomas Marcussen, Thomas@ThomasMarcussen.com
# Date: June, 2025
###################################################################################################################
# Sets registry key for Secure Boot certificate opt-in and enables required telemetry level
# Ensure registry key exists
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Secureboot"
if (-not (Test-Path $regPath)) {
New-Item -Path $regPath -Force | Out-Null
}
# Set MicrosoftUpdateManagedOptIn
Set-ItemProperty -Path $regPath -Name "MicrosoftUpdateManagedOptIn" -Type DWord -Value 0x5944 -Force
# Ensure required diagnostic data level (minimum: 1)
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 1 -Force