PowerShell Code
Time Configuration Review
View-only PowerShell code for review.
<#
.SYNOPSIS
Check Secure Boot and TPM settings on remote servers.
.DESCRIPTION
This script checks the Secure Boot and TPM settings on a list of remote servers.
.EXAMPLE
Check-SecureBootTPM.ps1
.EXAMPLE
Check-SecureBootTPM.ps1 -ServerList "C:\Servers.txt" -OutputFile "C:\SecureBootTPMStatus.txt"
.INPUTS
The script does not take pipeline input. Pass the server list and output file as parameters, or modify their default values at the beginning of the script.
- ServerList: The path to the text file containing the list of server names or IP addresses.
- OutputFile: The path to the text file where the results will be saved.
.OUTPUTS
The script outputs the Secure Boot and TPM status of each server to a specified text file.
.NOTES
Ensure you have the necessary permissions to access the remote servers and retrieve Secure Boot and TPM information.
Run this script with administrative privileges. Be mindful of servers in disparate domains, networks, etc., as authentication issues may arise.
#>
param(
    # Path to the text file
    [string]$ServerList = "C:\yourserverlist.txt",
    # Path to the output
    [string]$OutputFile = "C:\youroutputfile.txt"
)

# Read the server names, trimming whitespace and skipping blank lines
$Servers = Get-Content -Path $ServerList -ErrorAction Stop |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ }

# Clear the output file if it already exists
Clear-Content $OutputFile -ErrorAction SilentlyContinue

foreach ($Server in $Servers) {
    Write-Host "`n===== Checking $Server ====="
    try {
        # Check Secure Boot status remotely.
        # -ErrorAction Stop turns a failed connection into a terminating error so it
        # reaches the catch block instead of being reported as "Unknown/Not Supported".
        # Confirm-SecureBootUEFI raises an error on non-UEFI systems, so that case is
        # handled inside the script block and comes back as $null.
        $secureBoot = Invoke-Command -ComputerName $Server -ErrorAction Stop -ScriptBlock {
            try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $null }
        }

        if ($secureBoot -eq $true) {
            $secureBootStatus = "Secure Boot: Enabled"
        } elseif ($secureBoot -eq $false) {
            $secureBootStatus = "Secure Boot: Disabled"
        } else {
            $secureBootStatus = "Secure Boot: Unknown/Not Supported"
        }

        # Check TPM status remotely (a missing TPM namespace returns nothing)
        $tpm = Invoke-Command -ComputerName $Server -ErrorAction Stop -ScriptBlock {
            Get-WmiObject -Namespace "Root\CIMv2\Security\MicrosoftTpm" -Class Win32_Tpm -ErrorAction SilentlyContinue
        }

        if ($null -eq $tpm) {
            $tpmStatus = "TPM: Not Found"
        } else {
            if ($tpm.IsEnabled_InitialValue -eq $true -and $tpm.IsActivated_InitialValue -eq $true) {
                $tpmStatus = "TPM: Present, Enabled, Activated"
            } elseif ($tpm.IsEnabled_InitialValue -eq $true) {
                $tpmStatus = "TPM: Present, Enabled, Not Activated"
            } else {
                $tpmStatus = "TPM: Present, Not Enabled"
            }
        }

        # Write results to file
        $result = "Server: $Server | $secureBootStatus | $tpmStatus"
        Add-Content -Path $OutputFile -Value $result
        Write-Host $result
    }
    catch {
        # Reached when the remote session could not be established
        $errorMsg = "Server: $Server | Error: Could not connect"
        Add-Content -Path $OutputFile -Value $errorMsg
        Write-Host $errorMsg
    }
}

Write-Host "`n✅ Results written to $OutputFile"