Mike Terrill on Windows 10’s Secure Boot and Cfg Mgr

Mike Terrill has an article on using Windows 10 and Secure Boot, and using Configuration Manager to show the state of Secure Boot:

Inventory Secure Boot State and UEFI with ConfigMgr

Now that Windows 10 has been released, you are probably starting to take a closer look at the new OS and the related security benefits that it has to offer.  Secure Boot is a supported security feature in Windows 10 that secures the boot process by only allowing the loading of drivers and boot loaders that are signed with a trusted signature.  The first versions of Windows to support Secure Boot were Windows 8 and Windows Server 2012.  Secure Boot requires computer systems to be running UEFI 2.3.1 (or later).  Legacy ROMs or compatibility support modules (CSM) must be disabled in order to enable Secure Boot. In this blog, I will show you how to extend the Configuration Manager hardware inventory so that you can report on the state of Secure Boot in your environment.  This will not only tell you which systems have Secure Boot enabled or disabled, but it will also help you detect systems that are not currently running UEFI (the ones running in BIOS mode).  Identifying these systems will be helpful when determining the deployment method that you will select when moving to Windows 10.  If it is a requirement of your security team that all systems running Windows 10 must also be running Secure Boot, it will give you an idea on how much effort will be involved during the deployment process. […]

Inventory Secure Boot State and UEFI with ConfigMgr


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s