<# .SYNOPSIS Detects Secure Boot certificate update status for fleet-wide monitoring. .DESCRIPTION This detection script collects Secure Boot status, certificate update registry values, and device information. It outputs a JSON string for monitoring and reporting. Compatible with Intune Remediations, GPO-based collection, and other management tools. No remediation script is needed — this is monitoring only. Exit 0 = "Without issue" (certificates updated) Exit 1 = "With issue" (certificates not updated — informational only) .PARAMETER OutputPath Optional. Path to a folder where the JSON file will be saved. If provided, saves HOSTNAME_latest.json to this folder. If not provided, outputs JSON to stdout (original behavior). .EXAMPLE # Output to stdout (Intune/SCCM detection) .\Detect-SecureBootCertUpdateStatus.ps1 .EXAMPLE # Save to network share (GPO deployment) .\Detect-SecureBootCertUpdateStatus.ps1 -OutputPath "\\server\SecureBootLogs$" .NOTES Registry paths per https://aka.ms/securebootplaybook: HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #> param( [Parameter(Mandatory = $false)] [string]$OutputPath ) # Download URL: https://aka.ms/getsecureboot -> "Deployment and Monitoring Samples" # Note: This script runs on endpoints to collect Secure Boot status data. # 1. HostName # PS Version: All | Admin: No | System Requirements: None try { $hostname = $env:COMPUTERNAME if ([string]::IsNullOrEmpty($hostname)) { Write-Warning "Hostname could not be determined" $hostname = "Unknown" } Write-Host "Hostname: $hostname" } catch { Write-Warning "Error retrieving hostname: $_" $hostname = "Error" Write-Host "Hostname: $hostname" } # 2. CollectionTime # PS Version: All | Admin: No | System Requirements: None try { $collectionTime = Get-Date if ($null -eq $collectionTime) { Write-Warning "Could not retrieve current date/time" $collectionTime = "Unknown" } Write-Host "Collection Time: $collectionTime" } catch { Write-Warning "Error retrieving date/time: $_" $collectionTime = "Error" Write-Host "Collection Time: $collectionTime" } # Registry: Secure Boot Main Key (3 values) # 3. SecureBootEnabled # PS Version: 3.0+ | Admin: May be required | System Requirements: UEFI/Secure Boot capable system try { $secureBootEnabled = Confirm-SecureBootUEFI -ErrorAction Stop Write-Host "Secure Boot Enabled: $secureBootEnabled" } catch { Write-Warning "Unable to determine Secure Boot status via cmdlet: $_" # Try registry fallback try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State" -Name UEFISecureBootEnabled -ErrorAction Stop $secureBootEnabled = [bool]$regValue.UEFISecureBootEnabled Write-Host "Secure Boot Enabled: $secureBootEnabled" } catch { Write-Warning "Unable to determine Secure Boot status via registry. System may not support UEFI/Secure Boot." $secureBootEnabled = $null Write-Host "Secure Boot Enabled: Not Available" } } # 4. HighConfidenceOptOut # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" -Name HighConfidenceOptOut -ErrorAction Stop $highConfidenceOptOut = $regValue.HighConfidenceOptOut Write-Host "High Confidence Opt Out: $highConfidenceOptOut" } catch { # HighConfidenceOptOut is optional - not present on most systems $highConfidenceOptOut = $null Write-Host "High Confidence Opt Out: Not Set" } # 4b. MicrosoftUpdateManagedOptIn # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" -Name MicrosoftUpdateManagedOptIn -ErrorAction Stop $microsoftUpdateManagedOptIn = $regValue.MicrosoftUpdateManagedOptIn Write-Host "Microsoft Update Managed Opt In: $microsoftUpdateManagedOptIn" } catch { # MicrosoftUpdateManagedOptIn is optional - not present on most systems $microsoftUpdateManagedOptIn = $null Write-Host "Microsoft Update Managed Opt In: Not Set" } # 5. AvailableUpdates # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" -Name AvailableUpdates -ErrorAction Stop $availableUpdates = $regValue.AvailableUpdates if ($null -ne $availableUpdates) { # Convert to hexadecimal format $availableUpdatesHex = "0x{0:X}" -f $availableUpdates Write-Host "Available Updates: $availableUpdatesHex" } else { Write-Host "Available Updates: Not Available" } } catch { Write-Warning "AvailableUpdates registry key not found or inaccessible" $availableUpdates = $null Write-Host "Available Updates: Not Available" } # 5b. AvailableUpdatesPolicy (GPO-controlled persistent value) # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" -Name AvailableUpdatesPolicy -ErrorAction Stop $availableUpdatesPolicy = $regValue.AvailableUpdatesPolicy if ($null -ne $availableUpdatesPolicy) { # Convert to hexadecimal format $availableUpdatesPolicyHex = "0x{0:X}" -f $availableUpdatesPolicy Write-Host "Available Updates Policy: $availableUpdatesPolicyHex" } else { Write-Host "Available Updates Policy: Not Set" } } catch { # AvailableUpdatesPolicy is optional - only set when GPO is applied $availableUpdatesPolicy = $null Write-Host "Available Updates Policy: Not Set" } # Registry: Servicing Key (3 values) # 6. UEFICA2023Status # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing" -Name UEFICA2023Status -ErrorAction Stop $uefica2023Status = $regValue.UEFICA2023Status Write-Host "Windows UEFI CA 2023 Status: $uefica2023Status" } catch { Write-Warning "Windows UEFI CA 2023 Status registry key not found or inaccessible" $uefica2023Status = $null Write-Host "Windows UEFI CA 2023 Status: Not Available" } # 7. UEFICA2023Error # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing" -Name UEFICA2023Error -ErrorAction Stop $uefica2023Error = $regValue.UEFICA2023Error Write-Host "UEFI CA 2023 Error: $uefica2023Error" } catch { # UEFICA2023Error only exists if there was an error - absence is good $uefica2023Error = $null Write-Host "UEFI CA 2023 Error: None" } # 8. UEFICA2023ErrorEvent # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing" -Name UEFICA2023ErrorEvent -ErrorAction Stop $uefica2023ErrorEvent = $regValue.UEFICA2023ErrorEvent Write-Host "UEFI CA 2023 Error Event: $uefica2023ErrorEvent" } catch { $uefica2023ErrorEvent = $null Write-Host "UEFI CA 2023 Error Event: Not Available" } # Registry: Device Attributes (7 values: 9-15) # 9. OEMManufacturerName # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes" -Name OEMManufacturerName -ErrorAction Stop $oemManufacturerName = $regValue.OEMManufacturerName if ([string]::IsNullOrEmpty($oemManufacturerName)) { Write-Warning "OEMManufacturerName is empty" $oemManufacturerName = "Unknown" } Write-Host "OEM Manufacturer Name: $oemManufacturerName" } catch { Write-Warning "OEMManufacturerName registry key not found or inaccessible" $oemManufacturerName = $null Write-Host "OEM Manufacturer Name: Not Available" } # 10. OEMModelSystemFamily # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes" -Name OEMModelSystemFamily -ErrorAction Stop $oemModelSystemFamily = $regValue.OEMModelSystemFamily if ([string]::IsNullOrEmpty($oemModelSystemFamily)) { Write-Warning "OEMModelSystemFamily is empty" $oemModelSystemFamily = "Unknown" } Write-Host "OEM Model System Family: $oemModelSystemFamily" } catch { Write-Warning "OEMModelSystemFamily registry key not found or inaccessible" $oemModelSystemFamily = $null Write-Host "OEM Model System Family: Not Available" } # 11. OEMModelNumber # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes" -Name OEMModelNumber -ErrorAction Stop $oemModelNumber = $regValue.OEMModelNumber if ([string]::IsNullOrEmpty($oemModelNumber)) { Write-Warning "OEMModelNumber is empty" $oemModelNumber = "Unknown" } Write-Host "OEM Model Number: $oemModelNumber" } catch { Write-Warning "OEMModelNumber registry key not found or inaccessible" $oemModelNumber = $null Write-Host "OEM Model Number: Not Available" } # 12. FirmwareVersion # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes" -Name FirmwareVersion -ErrorAction Stop $firmwareVersion = $regValue.FirmwareVersion if ([string]::IsNullOrEmpty($firmwareVersion)) { Write-Warning "FirmwareVersion is empty" $firmwareVersion = "Unknown" } Write-Host "Firmware Version: $firmwareVersion" } catch { Write-Warning "FirmwareVersion registry key not found or inaccessible" $firmwareVersion = $null Write-Host "Firmware Version: Not Available" } # 13. FirmwareReleaseDate # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes" -Name FirmwareReleaseDate -ErrorAction Stop $firmwareReleaseDate = $regValue.FirmwareReleaseDate if ([string]::IsNullOrEmpty($firmwareReleaseDate)) { Write-Warning "FirmwareReleaseDate is empty" $firmwareReleaseDate = "Unknown" } Write-Host "Firmware Release Date: $firmwareReleaseDate" } catch { Write-Warning "FirmwareReleaseDate registry key not found or inaccessible" $firmwareReleaseDate = $null Write-Host "Firmware Release Date: Not Available" } # 14. OSArchitecture # PS Version: All | Admin: No | System Requirements: None try { $osArchitecture = $env:PROCESSOR_ARCHITECTURE if ([string]::IsNullOrEmpty($osArchitecture)) { # Try registry fallback $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes" -Name OSArchitecture -ErrorAction Stop $osArchitecture = $regValue.OSArchitecture } if ([string]::IsNullOrEmpty($osArchitecture)) { Write-Warning "OSArchitecture could not be determined" $osArchitecture = "Unknown" } Write-Host "OS Architecture: $osArchitecture" } catch { Write-Warning "Error retrieving OSArchitecture: $_" $osArchitecture = "Unknown" Write-Host "OS Architecture: $osArchitecture" } # 15. CanAttemptUpdateAfter (FILETIME) # PS Version: All | Admin: May be required | System Requirements: None try { $regValue = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes" -Name CanAttemptUpdateAfter -ErrorAction Stop $canAttemptUpdateAfter = $regValue.CanAttemptUpdateAfter # Convert FILETIME to UTC DateTime — registry stores as REG_BINARY (byte[]) or REG_QWORD (long) if ($null -ne $canAttemptUpdateAfter) { try { if ($canAttemptUpdateAfter -is [byte[]]) { $fileTime = [BitConverter]::ToInt64($canAttemptUpdateAfter, 0) $canAttemptUpdateAfter = [DateTime]::FromFileTime($fileTime).ToUniversalTime() } elseif ($canAttemptUpdateAfter -is [long]) { $canAttemptUpdateAfter = [DateTime]::FromFileTime($canAttemptUpdateAfter).ToUniversalTime() } } catch { Write-Warning "Could not convert CanAttemptUpdateAfter FILETIME to DateTime" } } Write-Host "Can Attempt Update After: $canAttemptUpdateAfter" } catch { Write-Warning "CanAttemptUpdateAfter registry key not found or inaccessible" $canAttemptUpdateAfter = $null Write-Host "Can Attempt Update After: Not Available" } # Event Logs: System Log (10 values: 16-25) # 16-25. Event Log queries # Event IDs: # 1801 - Update initiated, reboot required # 1808 - Update completed successfully # 1795 - Firmware returned error (capture error code) # 1796 - Error logged with error code (capture code) # 1800 - Reboot needed (NOT an error - update will proceed after reboot) # 1802 - Known firmware issue blocked update (capture KI_ from SkipReason) # 1803 - Matching KEK update not found (OEM needs to supply PK signed KEK) # PS Version: 3.0+ | Admin: May be required for System log | System Requirements: None try { # Query all relevant Secure Boot event IDs $allEventIds = @(1795, 1796, 1800, 1801, 1802, 1803, 1808) $events = @(Get-WinEvent -FilterHashtable @{LogName='System'; ID=$allEventIds} -MaxEvents 50 -ErrorAction Stop) if ($events.Count -eq 0) { Write-Warning "No Secure Boot events found in System log" $latestEventId = $null $bucketId = $null $confidence = $null $skipReasonKnownIssue = $null $event1801Count = 0 $event1808Count = 0 $event1795Count = 0 $event1795ErrorCode = $null $event1796Count = 0 $event1796ErrorCode = $null $event1800Count = 0 $rebootPending = $false $event1802Count = 0 $knownIssueId = $null $event1803Count = 0 $missingKEK = $false Write-Host "Latest Event ID: Not Available" Write-Host "Bucket ID: Not Available" Write-Host "Confidence: Not Available" Write-Host "Event 1801 Count: 0" Write-Host "Event 1808 Count: 0" } else { # 16. LatestEventId $latestEvent = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1 if ($null -eq $latestEvent) { Write-Warning "Could not determine latest event" $latestEventId = $null Write-Host "Latest Event ID: Not Available" } else { $latestEventId = $latestEvent.Id Write-Host "Latest Event ID: $latestEventId" } # 17. BucketID - Extracted from Event 1801/1808 if ($null -ne $latestEvent -and $null -ne $latestEvent.Message) { if ($latestEvent.Message -match 'BucketId:\s*(.+)') { $bucketId = $matches[1].Trim() Write-Host "Bucket ID: $bucketId" } else { Write-Warning "BucketId not found in event message" $bucketId = $null Write-Host "Bucket ID: Not Found in Event" } } else { Write-Warning "Latest event or message is null, cannot extract BucketId" $bucketId = $null Write-Host "Bucket ID: Not Available" } # 18. Confidence - Extracted from Event 1801/1808 if ($null -ne $latestEvent -and $null -ne $latestEvent.Message) { if ($latestEvent.Message -match 'BucketConfidenceLevel:\s*(.+)') { $confidence = $matches[1].Trim() Write-Host "Confidence: $confidence" } else { Write-Warning "Confidence level not found in event message" $confidence = $null Write-Host "Confidence: Not Found in Event" } } else { Write-Warning "Latest event or message is null, cannot extract Confidence" $confidence = $null Write-Host "Confidence: Not Available" } # 18b. SkipReason - Extract KI_ from SkipReason in the same event as BucketId # This captures Known Issue IDs that appear alongside BucketId/Confidence (not just Event 1802) $skipReasonKnownIssue = $null if ($null -ne $latestEvent -and $null -ne $latestEvent.Message) { if ($latestEvent.Message -match 'SkipReason:\s*(KI_\d+)') { $skipReasonKnownIssue = $matches[1] Write-Host "SkipReason Known Issue: $skipReasonKnownIssue" -ForegroundColor Yellow } } # 19. Event1801Count $event1801Array = @($events | Where-Object {$_.Id -eq 1801}) $event1801Count = $event1801Array.Count Write-Host "Event 1801 Count: $event1801Count" # 20. Event1808Count $event1808Array = @($events | Where-Object {$_.Id -eq 1808}) $event1808Count = $event1808Array.Count Write-Host "Event 1808 Count: $event1808Count" # Initialize error event variables $event1795Count = 0 $event1795ErrorCode = $null $event1796Count = 0 $event1796ErrorCode = $null $event1800Count = 0 $rebootPending = $false $event1802Count = 0 $knownIssueId = $null $event1803Count = 0 $missingKEK = $false # Only check for error events if update is NOT complete # Skip error analysis if: 1808 is latest event OR UEFICA2023Status is "Updated" $updateComplete = ($latestEventId -eq 1808) -or ($uefica2023Status -eq "Updated") if (-not $updateComplete) { Write-Host "Update not complete - checking for error events..." -ForegroundColor Yellow # 21. Event1795 - Firmware Error (capture error code) $event1795Array = @($events | Where-Object {$_.Id -eq 1795}) $event1795Count = $event1795Array.Count if ($event1795Count -gt 0) { $latestEvent1795 = $event1795Array | Sort-Object TimeCreated -Descending | Select-Object -First 1 if ($latestEvent1795.Message -match '(?:error|code|status)[:\s]*(?:0x)?([0-9A-Fa-f]{8}|[0-9A-Fa-f]+)') { $event1795ErrorCode = $matches[1] } Write-Host "Event 1795 (Firmware Error) Count: $event1795Count" $(if ($event1795ErrorCode) { "Code: $event1795ErrorCode" }) } # 22. Event1796 - Error Code Logged (capture error code) $event1796Array = @($events | Where-Object {$_.Id -eq 1796}) $event1796Count = $event1796Array.Count if ($event1796Count -gt 0) { $latestEvent1796 = $event1796Array | Sort-Object TimeCreated -Descending | Select-Object -First 1 if ($latestEvent1796.Message -match '(?:error|code|status)[:\s]*(?:0x)?([0-9A-Fa-f]{8}|[0-9A-Fa-f]+)') { $event1796ErrorCode = $matches[1] } Write-Host "Event 1796 (Error Logged) Count: $event1796Count" $(if ($event1796ErrorCode) { "Code: $event1796ErrorCode" }) } # 23. Event1800 - Reboot Needed (NOT an error - update will proceed after reboot) $event1800Array = @($events | Where-Object {$_.Id -eq 1800}) $event1800Count = $event1800Array.Count $rebootPending = $event1800Count -gt 0 if ($rebootPending) { Write-Host "Event 1800 (Reboot Pending): Update will proceed after reboot" -ForegroundColor Cyan } # 24. Event1802 - Known Firmware Issue (capture KI_ from SkipReason) $event1802Array = @($events | Where-Object {$_.Id -eq 1802}) $event1802Count = $event1802Array.Count if ($event1802Count -gt 0) { $latestEvent1802 = $event1802Array | Sort-Object TimeCreated -Descending | Select-Object -First 1 if ($latestEvent1802.Message -match 'SkipReason:\s*(KI_\d+)') { $knownIssueId = $matches[1] } Write-Host "Event 1802 (Known Firmware Issue) Count: $event1802Count" $(if ($knownIssueId) { "KI: $knownIssueId" }) } # 25. Event1803 - Missing KEK Update (OEM needs to supply PK signed KEK) $event1803Array = @($events | Where-Object {$_.Id -eq 1803}) $event1803Count = $event1803Array.Count $missingKEK = $event1803Count -gt 0 if ($missingKEK) { Write-Host "Event 1803 (Missing KEK): OEM needs to supply PK signed KEK" -ForegroundColor Yellow } } else { Write-Host "Update complete (Event 1808 or Status=Updated) - skipping error analysis" -ForegroundColor Green } } } catch { Write-Warning "Error retrieving event logs. May require administrator privileges: $_" $latestEventId = $null $bucketId = $null $confidence = $null $skipReasonKnownIssue = $null $event1801Count = 0 $event1808Count = 0 $event1795Count = 0 $event1795ErrorCode = $null $event1796Count = 0 $event1796ErrorCode = $null $event1800Count = 0 $rebootPending = $false $event1802Count = 0 $knownIssueId = $null $event1803Count = 0 $missingKEK = $false Write-Host "Latest Event ID: Error" Write-Host "Bucket ID: Error" Write-Host "Confidence: Error" Write-Host "Event 1801 Count: 0" Write-Host "Event 1808 Count: 0" } # WMI/CIM Queries (5 values) # 26. OSVersion # PS Version: 3.0+ (use Get-WmiObject for 2.0) | Admin: No | System Requirements: None try { $osInfo = Get-CimInstance Win32_OperatingSystem -ErrorAction Stop if ($null -eq $osInfo -or [string]::IsNullOrEmpty($osInfo.Version)) { Write-Warning "Could not retrieve OS version" $osVersion = "Unknown" } else { $osVersion = $osInfo.Version } Write-Host "OS Version: $osVersion" } catch { # CIM may fail in some environments - use fallback $osVersion = [System.Environment]::OSVersion.Version.ToString() if ([string]::IsNullOrEmpty($osVersion)) { $osVersion = "Unknown" } Write-Host "OS Version: $osVersion" } # 27. LastBootTime # PS Version: 3.0+ (use Get-WmiObject for 2.0) | Admin: No | System Requirements: None try { $osInfo = Get-CimInstance Win32_OperatingSystem -ErrorAction Stop if ($null -eq $osInfo -or $null -eq $osInfo.LastBootUpTime) { Write-Warning "Could not retrieve last boot time" $lastBootTime = $null Write-Host "Last Boot Time: Not Available" } else { $lastBootTime = $osInfo.LastBootUpTime Write-Host "Last Boot Time: $lastBootTime" } } catch { # CIM may fail in some environments - use fallback try { $lastBootTime = (Get-Process -Id 0 -ErrorAction SilentlyContinue).StartTime } catch { $lastBootTime = $null } if ($lastBootTime) { Write-Host "Last Boot Time: $lastBootTime" } else { Write-Host "Last Boot Time: Not Available" } } # 28. BaseBoardManufacturer # PS Version: 3.0+ (use Get-WmiObject for 2.0) | Admin: No | System Requirements: None try { $baseBoard = Get-CimInstance Win32_BaseBoard -ErrorAction Stop if ($null -eq $baseBoard -or [string]::IsNullOrEmpty($baseBoard.Manufacturer)) { Write-Warning "Could not retrieve baseboard manufacturer" $baseBoardManufacturer = "Unknown" } else { $baseBoardManufacturer = $baseBoard.Manufacturer } Write-Host "Baseboard Manufacturer: $baseBoardManufacturer" } catch { # CIM may fail - baseboard info is supplementary $baseBoardManufacturer = "Unknown" Write-Host "Baseboard Manufacturer: $baseBoardManufacturer" } # 29. BaseBoardProduct # PS Version: 3.0+ (use Get-WmiObject for 2.0) | Admin: No | System Requirements: None try { $baseBoard = Get-CimInstance Win32_BaseBoard -ErrorAction Stop if ($null -eq $baseBoard -or [string]::IsNullOrEmpty($baseBoard.Product)) { Write-Warning "Could not retrieve baseboard product" $baseBoardProduct = "Unknown" } else { $baseBoardProduct = $baseBoard.Product } Write-Host "Baseboard Product: $baseBoardProduct" } catch { # CIM may fail - baseboard info is supplementary $baseBoardProduct = "Unknown" Write-Host "Baseboard Product: $baseBoardProduct" } # 30. SecureBootTaskEnabled # PS Version: All | Admin: No | System Requirements: Scheduled Task exists # Checks if the Secure-Boot-Update scheduled task is enabled $secureBootTaskEnabled = $null $secureBootTaskStatus = "Unknown" try { $taskOutput = schtasks.exe /Query /TN "\Microsoft\Windows\PI\Secure-Boot-Update" /FO CSV 2>&1 if ($LASTEXITCODE -eq 0) { $taskData = $taskOutput | ConvertFrom-Csv if ($taskData) { $secureBootTaskStatus = $taskData.Status $secureBootTaskEnabled = ($taskData.Status -eq 'Ready' -or $taskData.Status -eq 'Running') } } else { $secureBootTaskStatus = "NotFound" $secureBootTaskEnabled = $false } if ($secureBootTaskEnabled -eq $false) { Write-Host "SecureBoot Update Task: $secureBootTaskStatus (Enabled: $secureBootTaskEnabled)" -ForegroundColor Yellow } else { Write-Host "SecureBoot Update Task: $secureBootTaskStatus (Enabled: $secureBootTaskEnabled)" -ForegroundColor Green } } catch { $secureBootTaskStatus = "Error" $secureBootTaskEnabled = $false Write-Host "SecureBoot Update Task: Error checking - $_" -ForegroundColor Red } # 31. WinCS Key Status (F33E0C8E002 - Secure Boot Certificate Update) # PS Version: All | Admin: Yes (for query) | System Requirements: WinCsFlags.exe $wincsKeyApplied = $null $wincsKeyStatus = "Unknown" try { # Check common locations for WinCsFlags.exe $wincsFlagsPath = $null $possiblePaths = @( "$env:SystemRoot\System32\WinCsFlags.exe", "$env:SystemRoot\SysWOW64\WinCsFlags.exe" ) foreach ($p in $possiblePaths) { if (Test-Path $p) { $wincsFlagsPath = $p; break } } if ($wincsFlagsPath) { # Query specific key - requires admin rights $queryOutput = & $wincsFlagsPath /query --key F33E0C8E002 2>&1 $queryOutputStr = $queryOutput -join "`n" if ($LASTEXITCODE -eq 0) { # Check if key is applied (look for "Active Configuration" or similar indicator) if ($queryOutputStr -match "Active Configuration.*:.*enabled" -or $queryOutputStr -match "Configuration.*applied") { $wincsKeyApplied = $true $wincsKeyStatus = "Applied" Write-Host "WinCS Key F33E0C8E002: Applied" -ForegroundColor Green } elseif ($queryOutputStr -match "not found|No configuration") { $wincsKeyApplied = $false $wincsKeyStatus = "NotApplied" Write-Host "WinCS Key F33E0C8E002: Not Applied" -ForegroundColor Yellow } else { # Key exists - check output for state $wincsKeyApplied = $true $wincsKeyStatus = "Applied" Write-Host "WinCS Key F33E0C8E002: Applied" -ForegroundColor Green } } else { # Check for specific error messages if ($queryOutputStr -match "Access denied|administrator") { $wincsKeyStatus = "AccessDenied" Write-Host "WinCS Key F33E0C8E002: Access denied (run as admin)" -ForegroundColor DarkGray } elseif ($queryOutputStr -match "not found|No configuration") { $wincsKeyApplied = $false $wincsKeyStatus = "NotApplied" Write-Host "WinCS Key F33E0C8E002: Not Applied" -ForegroundColor Yellow } else { $wincsKeyStatus = "QueryFailed" Write-Host "WinCS Key F33E0C8E002: Query failed" -ForegroundColor Red } } } else { $wincsKeyStatus = "WinCsFlagsNotFound" Write-Host "WinCS Key F33E0C8E002: WinCsFlags.exe not found" -ForegroundColor Gray } } catch { $wincsKeyStatus = "Error" Write-Host "WinCS Key F33E0C8E002: Error checking - $_" -ForegroundColor Red } # ============================================================================= # Certificate Presence Detection (UEFI db and KEK) # ============================================================================= # Initialize cert detection variables $FirstPartyDB2023Updated = 0 $FirstPartyKEK2023Updated = 0 $ThirdParty2011CAPresent = 0 $ThirdParty2023CertsRequired = 0 $ThirdParty2023CertUpdated = 0 $ThirdPartyOptionRom2023CertUpdated = 0 try { # Read the UEFI db (Signature Database) once $dbBytes = (Get-SecureBootUEFI db -ErrorAction Stop).bytes $dbString = [System.Text.Encoding]::ASCII.GetString($dbBytes) # 1P DB: Windows UEFI CA 2023 (required on ALL systems) if ($dbString -match 'Windows UEFI CA 2023') { $FirstPartyDB2023Updated = 1 } # Check if 3P 2011 CA is trusted (determines whether 3P 2023 certs are required) if ($dbString -match 'Microsoft Corporation UEFI CA 2011') { $ThirdParty2011CAPresent = 1 $ThirdParty2023CertsRequired = 1 } # 3P DB: Microsoft UEFI CA 2023 (required only if 3P 2011 CA present) if ($dbString -match 'Microsoft UEFI CA 2023') { if ($ThirdParty2023CertsRequired -eq 1) { $ThirdParty2023CertUpdated = 1 } } # 3P DB: Microsoft Option ROM UEFI CA 2023 (required only if 3P 2011 CA present) if ($dbString -match 'Microsoft Option ROM UEFI CA 2023') { if ($ThirdParty2023CertsRequired -eq 1) { $ThirdPartyOptionRom2023CertUpdated = 1 } } } catch { Write-Warning "Unable to read UEFI Secure Boot db variable: $_" Write-Host "UEFI db certificate detection: Not Available (requires admin and UEFI system)" -ForegroundColor DarkGray } try { # Read the UEFI KEK once $kekBytes = (Get-SecureBootUEFI kek -ErrorAction Stop).bytes $kekString = [System.Text.Encoding]::ASCII.GetString($kekBytes) # 1P KEK: Microsoft Corporation KEK 2K CA 2023 (required on ALL systems) if ($kekString -match 'Microsoft Corporation KEK 2K CA 2023') { $FirstPartyKEK2023Updated = 1 } } catch { Write-Warning "Unable to read UEFI Secure Boot KEK variable: $_" Write-Host "UEFI KEK certificate detection: Not Available (requires admin and UEFI system)" -ForegroundColor DarkGray } # 3P cert updated flags are only meaningful when 1P certs are both updated # If 1P certs are not updated, reset 3P updated flags to 0 since the base requirement is not met if ($FirstPartyDB2023Updated -eq 0 -or $FirstPartyKEK2023Updated -eq 0) { $ThirdParty2023CertUpdated = 0 $ThirdPartyOptionRom2023CertUpdated = 0 } # Visual summary with full certificate names Write-Host "" Write-Host "=== Certificate Update Summary ===" -ForegroundColor Cyan Write-Host " [1P] Windows UEFI CA 2023 (db): $(if ($FirstPartyDB2023Updated) { 'Updated' } else { 'Not Updated' })" -ForegroundColor $(if ($FirstPartyDB2023Updated) { 'Green' } else { 'Yellow' }) Write-Host " [1P] Microsoft Corporation KEK 2K CA 2023 (KEK): $(if ($FirstPartyKEK2023Updated) { 'Updated' } else { 'Not Updated' })" -ForegroundColor $(if ($FirstPartyKEK2023Updated) { 'Green' } else { 'Yellow' }) Write-Host " [3P] Microsoft Corporation UEFI CA 2011 (db): $(if ($ThirdParty2011CAPresent) { 'Present - 3P 2023 certs required' } else { 'Not Present - 3P 2023 certs not required' })" -ForegroundColor $(if ($ThirdParty2011CAPresent) { 'Cyan' } else { 'Green' }) if ($ThirdParty2023CertsRequired) { Write-Host " [3P] Microsoft UEFI CA 2023 (db): $(if ($ThirdParty2023CertUpdated) { 'Updated' } else { 'Not Updated' })" -ForegroundColor $(if ($ThirdParty2023CertUpdated) { 'Green' } else { 'Yellow' }) Write-Host " [3P] Microsoft Option ROM UEFI CA 2023 (db): $(if ($ThirdPartyOptionRom2023CertUpdated) { 'Updated' } else { 'Not Updated' })" -ForegroundColor $(if ($ThirdPartyOptionRom2023CertUpdated) { 'Green' } else { 'Yellow' }) } Write-Host "===================================" -ForegroundColor Cyan Write-Host "" # ============================================================================= # Remediation Detection - Status Output & Exit Code # ============================================================================= # Build status object from all collected inventory data $status = [ordered]@{ UEFICA2023Status = $uefica2023Status UEFICA2023Error = $uefica2023Error UEFICA2023ErrorEvent = $uefica2023ErrorEvent AvailableUpdates = if ($null -ne $availableUpdates) { $availableUpdatesHex } else { $null } AvailableUpdatesPolicy = if ($null -ne $availableUpdatesPolicy) { $availableUpdatesPolicyHex } else { $null } Hostname = $hostname CollectionTime = if ($collectionTime -is [datetime]) { $collectionTime.ToString("o") } else { "$collectionTime" } SecureBootEnabled = $secureBootEnabled HighConfidenceOptOut = $highConfidenceOptOut MicrosoftUpdateManagedOptIn = $microsoftUpdateManagedOptIn OEMManufacturerName = $oemManufacturerName OEMModelSystemFamily = $oemModelSystemFamily OEMModelNumber = $oemModelNumber FirmwareVersion = $firmwareVersion FirmwareReleaseDate = $firmwareReleaseDate OSArchitecture = $osArchitecture CanAttemptUpdateAfter = if ($canAttemptUpdateAfter -is [datetime]) { $canAttemptUpdateAfter.ToString("o") } else { "$canAttemptUpdateAfter" } LatestEventId = $latestEventId BucketId = $bucketId Confidence = $confidence SkipReasonKnownIssue = $skipReasonKnownIssue # KI_ from SkipReason in BucketId event Event1801Count = $event1801Count Event1808Count = $event1808Count # Error events with captured details Event1795Count = $event1795Count # Firmware returned error Event1795ErrorCode = $event1795ErrorCode # Error code from firmware Event1796Count = $event1796Count # Error code logged Event1796ErrorCode = $event1796ErrorCode # Captured error code Event1800Count = $event1800Count # Reboot needed (NOT an error) RebootPending = $rebootPending # True if Event 1800 present Event1802Count = $event1802Count # Known firmware issue KnownIssueId = $knownIssueId # KI_ from SkipReason Event1803Count = $event1803Count # Missing KEK update MissingKEK = $missingKEK # OEM needs to supply PK signed KEK OSVersion = $osVersion LastBootTime = if ($lastBootTime -is [datetime]) { $lastBootTime.ToString("o") } else { "$lastBootTime" } BaseBoardManufacturer = $baseBoardManufacturer BaseBoardProduct = $baseBoardProduct SecureBootTaskEnabled = $secureBootTaskEnabled SecureBootTaskStatus = $secureBootTaskStatus WinCSKeyApplied = $wincsKeyApplied # True if F33E0C8E002 key is applied WinCSKeyStatus = $wincsKeyStatus # Applied, NotApplied, WinCsFlagsNotFound, etc. # Certificate presence detection (UEFI db/KEK) FirstPartyDB2023Updated = $FirstPartyDB2023Updated # 1 if Windows UEFI CA 2023 present in db FirstPartyKEK2023Updated = $FirstPartyKEK2023Updated # 1 if Microsoft Corporation KEK 2K CA 2023 present ThirdParty2011CAPresent = $ThirdParty2011CAPresent # 1 if Microsoft Corporation UEFI CA 2011 present in db ThirdParty2023CertsRequired = $ThirdParty2023CertsRequired # 1 if 3P 2011 CA present (system trusts 3P) ThirdParty2023CertUpdated = $ThirdParty2023CertUpdated # 1 if Microsoft UEFI CA 2023 present (when 1P certs updated) ThirdPartyOptionRom2023CertUpdated = $ThirdPartyOptionRom2023CertUpdated # 1 if Microsoft Option ROM UEFI CA 2023 present (when 1P certs updated) } # Output the status - For data aggregation $jsonOutput = $status | ConvertTo-Json -Compress # If OutputPath provided, save to file; otherwise output to stdout if (-not [string]::IsNullOrEmpty($OutputPath)) { # Validate OutputPath - skip if it looks like a help request or has invalid chars if ($OutputPath -match '^[/\-]' -or $OutputPath -match '[<>:"|?*]') { Write-Host "Invalid OutputPath specified, outputting to stdout" -ForegroundColor Yellow Write-Output $jsonOutput if ($secureBootEnabled -and $uefica2023Status -eq "Updated") { exit 0 } else { exit 1 } } # Ensure the output folder exists if (-not (Test-Path $OutputPath)) { try { New-Item -ItemType Directory -Path $OutputPath -Force | Out-Null } catch { Write-Warning "Could not create output folder: $OutputPath - $_" } } # Save to HOSTNAME_latest.json $outputFile = Join-Path $OutputPath "$($hostname)_latest.json" try { $jsonOutput | Out-File -FilePath $outputFile -Encoding UTF8 -Force Write-Host "JSON saved to: $outputFile" -ForegroundColor Green } catch { Write-Warning "Could not write to file: $outputFile - $_" # Fall back to stdout Write-Output $jsonOutput } } else { # Original behavior - output to stdout Write-Output $jsonOutput } # Exit code: "Updated" is the success value per the playbook if ($secureBootEnabled -and $uefica2023Status -eq "Updated") { exit 0 # Without issue } else { exit 1 # With issue } # SIG # Begin signature block # MIIpzwYJKoZIhvcNAQcCoIIpwDCCKbwCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCeNkBwSJyyu73C # //+931qN//lrktOQKYxtmEZ3qkNTO6CCDdYwgga9MIIEpaADAgECAhMzAAAAHEif # gd+hsLd3AAAAAAAcMA0GCSqGSIb3DQEBDAUAMIGIMQswCQYDVQQGEwJVUzETMBEG # A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0 # aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0yNDA4MDgyMTM2MjNaFw0zNTA2MjMy # MjA0MDFaMF8xCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y # YXRpb24xMDAuBgNVBAMTJ01pY3Jvc29mdCBXaW5kb3dzIENvZGUgU2lnbmluZyBQ # Q0EgMjAyNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJp9a30nwXYq # Lq7j1TT/zCtt7vxU+CCj+7BkifS/B2gXKGU7OV9SXRJGP1yFs5p6jpsYi4cYzF56 # AV0AEmmEjV8wT2lvPU5BhN3wV30HqYPIYEj5P3WXf0kXD9fvjUf1GAtXEriJ8w7A # LNaVEm9Rs4ePA0ZsYHaCbU5kBUJQDXv76hafOcQgdFCA3I3zYtfzX2vOwx87uDOa # CuyKORZih9c3zTf+TLC5QYLyhVMBnDXEHDOrvaw92DSyIqpdgRWpufzqDFy1egVj # koXZhb+9pZ9heUzNXTXhOoXzexh6YzAL4flBWm+Bc1hQyESenEvBJznV+25u3h77 # jjgMUY44+WXQ4u9qddDe/U5SeAaKRvvibmi4z7QRpLvZsla0CPiOUGz00Do5sfkC # 0EwlsSzfM3+8A9rsyFVOgWDVPzt98OJP2EoaEOq8GE9GCoN2i7/4C2FCwff1BSCT # JWZO1Wcr2MteJE6UxGV+ihA8nN51YPKD2dYGoewrXvRzC/1HoUeSvlZf0mf9GHEt # vvkbJVRRo6PBf0md5t87Vb1mM/fIp1eypyaxmXkgpcBwuylsOq2kSVOJ5wBPoaEs # sJkeMcKnEuuu++UKdDHlS0DtsYjN0QnOucvTdSsdvhzKOSjJF3XVqr9f2C945LXT # 5rxKIHUIEDBcNYU6BKDDH6rfpKOOCSilAgMBAAGjggFGMIIBQjAOBgNVHQ8BAf8E # BAMCAYYwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFB6C3w7XjLPXAjSDDtqr # rWW5r7jsMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMB # Af8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBL # oEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMv # TWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggr # BgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNS # b29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQEMBQADggIBAENf+N8/ # u+mUjDtc9btoA52RBc0XVDSBMQBMqxu56hXHBwuctUWs1XBqDDMIFCHu9c6Y/UF+ # TN8EIgjnujApKYmHP4f4EM3ARSmlzrpF5ozOJx0BA5FUv1jmpdf/2ZbqpvCxlxv/ # G1R4KjrSmmqPHzs6igw3b7RTbj7BxIS8fOIkwYWQhB2fLjlg+3HSrDGPFIhpIJWV # amMIR7a72OGonjdf45rspwqIHuynZU4avy9ruB/Rhhbwm+fMb8BMecIaTmkohx/E # ZZ5GNWcN6oTYW3G2BM3B3YznWkl9t4shP60fMue+2ksdHGWSE8EVTdSmGUdj0jrU # c46lGVFJISF3/MxcxnlNeP1Khyr+ZzT4Ets/I7mufpaLnLalzMR2zIuhGOAWWswe # sbjtFzkVUFgDR2SW903I0XKlbPEA6q8epHGJ9roxh85nsEKcBNUw4Scp68KCqSpF # BaKiyV1skd+l8U50WNePMb9Bzz0OfASal8v5sQG+DW01kN+I+RKUIbM5I50wJjiH # ymQFNDsbobFx9I95mCEEPU7fUZ3VT/HOUVbkmX7ltIC/eQAu5GO8fu+ceETMybvb # oxUM4dYNC+PzooUxfmC0DuKRwB21bX9+acuIBkxIm4Ed3O19w1VLoA7UNOUuJ7z6 # NQ2W/+q7cnfOPl2QVL4qlgCblUT2vmQpllV3MIIHETCCBPmgAwIBAgITMwAAASPV # jwJDBgPuLgAAAAABIzANBgkqhkiG9w0BAQwFADBfMQswCQYDVQQGEwJVUzEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTAwLgYDVQQDEydNaWNyb3NvZnQg # V2luZG93cyBDb2RlIFNpZ25pbmcgUENBIDIwMjQwHhcNMjYwMzA1MTk1ODI2WhcN # MjcwMzAzMTk1ODI2WjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMR4wHAYDVQQDExVNaWNyb3NvZnQgQ29ycG9yYXRpb24wggIiMA0GCSqGSIb3 # DQEBAQUAA4ICDwAwggIKAoICAQDRofDhyqNp9ilU2DM6Ctcq1F931sSAyfMEmR3c # E/fpq4C15SQYoNRfyQ1YXmcjtfWjaAB4Dsqr+po0Q6IXSERF31/leCtiRtPrS8/1 # T9FA9AeOUTaFYyqHRz1M4MVeTwu89ZHo9xR26SVQmOHbFWLinZzlBV9WUJxfz0TN # MdWwAXzxnY9nln8Fn3Y0BnCXU8V3wjeCCAxoqM0v2gPG25eNn665gv7Zt3zh3vQY # hDkb48hXJPi4DvCrpBVwCd0Iv2Sgt4qftn5STyqhdu5WWqva+pk+Sa71Db9OAy6b # L640bGmzlUek1LAP97Ey8exl0c9azmLEQB97q4JRvhCSeejBM96a8Y6ccrrfhg/h # ZJEOka1eIDJxCuKdZaWCec0v+V7oI3RStJu1BEcF9d4FQaDSaWDAbDxqXUm1fHUJ # 9Xqky1yftpTfKFw3/gqsyXV44PE7EVHwwTCAGE5Z+skXRt4HEHuIhcOGxIFbH3nA # l5KvFxopRs2zExvh2WheW8Pu79sr3baamlQA2v4k9FqJl4k1RfwO5e0/9CKyDZ6c # ck/lV8zHM7PJtNtQUHc1FoyZ78GSlX6UFiJxDWzUzPbIHMcV4PSBV8/O7bs5h/bx # r3B4PxjIpWUztZhzXBhU9vhUjQgOX5ZLV7bmSJ+IrxtaN+5w2Nsewt9N+mfUUFyK # Av38uQIDAQABo4IBrzCCAaswDgYDVR0PAQH/BAQDAgeAMB8GA1UdJQQYMBYGCisG # AQQBgjc9BgEGCCsGAQUFBwMDMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNlj7H2k # ZtpiMmz55wigojWkWZZSMEUGA1UdEQQ+MDykOjA4MR4wHAYDVQQLExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xFjAUBgNVBAUTDTIzMDg2NSs1MDY5NTYwHwYDVR0jBBgw # FoAUHoLfDteMs9cCNIMO2qutZbmvuOwwagYDVR0fBGMwYTBfoF2gW4ZZaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwV2luZG93 # cyUyMENvZGUlMjBTaWduaW5nJTIwUENBJTIwMjAyNC5jcmwwdwYIKwYBBQUHAQEE # azBpMGcGCCsGAQUFBzAChltodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz # L2NlcnRzL01pY3Jvc29mdCUyMFdpbmRvd3MlMjBDb2RlJTIwU2lnbmluZyUyMFBD # QSUyMDIwMjQuY3J0MA0GCSqGSIb3DQEBDAUAA4ICAQAu6aVarz1Rb5/9eAD9oHOw # QS4jDknbBYnDwLcgMy/h995knuPL6/5K0XSUICUrjU3/bL56UD1tVwXsRehrHMkR # kgOMQk+7eH+Xvp6cyyTxwgIM7xy5YSf3VmJD3GI87lkGUqPFFOqGWjzZc3e/UQU7 # VbN4Elh4zJeKOdokXNuE3a5U1lAr1hnD6WpfIHO2nzGUHVSXDLMktWKMO89pMgLh # 6BXHdx1cAth+ugl86sdXC+VxCQJ28a2JvNq5RQcEBEuqSISe3/YRWYRTSLqhn8ea # v4lK4n+3fnAy2bmz76Z7UJ92X5KgTaHD+r8cvXmssFH3UbOj6EtE+c4SPNaFdIUW # GJyZBhLbThhlh1QlbTg0X47GhI89qZ/lxuYeEDYbPGaDry/KpMoUQxU+l49iQ6zd # kWSPGczB4ZDVRSrkDqz2K70tIvFaz8YfMhzTy5hhMNGvonCcguaFTgUsxr+OrvGC # WadOV/pZ3BcRafKvBDX+ney3HFcUByI3VPzIU7saoUbcujqTVA6GeNSybo8AI+71 # 9omBObyf2lriZb9a2/oVe5SiKhH/BDQVn+14Q26UxrUA/8zVOlzJS5eJQYhkHM9h # /Y2Nnmr2xLtFN0vW/aad7i104dVRaTLMBzbKIlCBOruBjM87frQc2Ncfb5Kme4u9 # o6GQVZf3kVy+p8uv8YgnQTGCG08wghtLAgEBMHYwXzELMAkGA1UEBhMCVVMxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEwMC4GA1UEAxMnTWljcm9zb2Z0 # IFdpbmRvd3MgQ29kZSBTaWduaW5nIFBDQSAyMDI0AhMzAAABI9WPAkMGA+4uAAAA # AAEjMA0GCWCGSAFlAwQCAQUAoIH6MBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEE # MC8GCSqGSIb3DQEJBDEiBCCmId3C9kmlMdEzQB18EVrcqFY8Rxaju134uxb3e+pR # 1DBQBgorBgEEAYI3CgMcMUIMQDBDOTc2OEI0M0I3OTA0MTNFN0I5QUYyNjMxMEM2 # NjVFMUE5MkJENkFCMDg3MTQ0QUNCMjRCMTQzMjI3NTZCMUYwWgYKKwYBBAGCNwIB # DDFMMEqgJIAiAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAc6EigCBo # dHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vd2luZG93czANBgkqhkiG9w0BAQEFAASC # AgDRTKihs827VxiMgvelcLB5/uupqbBwUJDhnrimtBjPkErY84U4D//HxfvoPC0Q # cYVRIJksMBFiL2/nbGQ5lGUjKxKplUEym7S8yOpFJ7sYZ8VXvVhPxbo/CwHWxR0n # gvfOFlqsOH7kH3fFFNSgL0OKjA+O0ySkkZU4dwSyE0L/CpkNWEwq9p58728pYKVP # pp8Wm7w97oi2s/EfajvkJEtgJ+SJnYfl/6txDIRVVeMBLd0Z87DU7M0Wlb8mgcXu # jTsWtp2YaG872ppoxzDsSfRP0t8wq0NukTT0lX5zkC1uAD+VIJVOxRqAFV8ZzUqy # 2DAy+uvCseou3Q1aiOhBqg36SDKtBRB/8T3K47BX6dxF0ImvO/B3p+zqvZkwslWn # juxVWe4HfAVGqNB+dIWG+UxHlaBSUnLlcrGeL21DFwAm3wdhjrzw01P7nhRDUpYH # PbvGa2O+BIuQ9MalcaklonANa4obDsz1ZeGyGr/Ef1TyfXN6dx0A4se/UBqRkMib # +CkU4+c8/QbYPmyrQAr5zdgMWxAT7uoKaotlLVB8xSgMJ9lYbbMjmxxHQvWMlYi0 # EzRl0DZx17EX21DDuJXsZparwGafnHZTzK1DjZBGJFAVYDxL0FzavCRLNwqJyeBK # Ro/46OYk0gxRGc0zdc921RP7Nh+EAPTBWRSOxjWkCdjpqaGCF60wghepBgorBgEE # AYI3AwMBMYIXmTCCF5UGCSqGSIb3DQEHAqCCF4YwgheCAgEDMQ8wDQYJYIZIAWUD # BAIBBQAwggFaBgsqhkiG9w0BCRABBKCCAUkEggFFMIIBQQIBAQYKKwYBBAGEWQoD # ATAxMA0GCWCGSAFlAwQCAQUABCBthNOFhyUHoTUrb17tS4HMPDkHTJ8fc1e8n53E # n8cZwAIGaetgJC+UGBMyMDI2MDUwNjE1NDA1MC4yMzRaMASAAgH0oIHZpIHWMIHT # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRN # aWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5T # aGllbGQgVFNTIEVTTjozNjA1LTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgU2VydmljZaCCEfswggcoMIIFEKADAgECAhMzAAACE7BDNWbP # r5XoAAEAAAITMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBD # QSAyMDEwMB4XDTI1MDgxNDE4NDgxN1oXDTI2MTExMzE4NDgxN1owgdMxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29m # dCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEnMCUGA1UECxMeblNoaWVsZCBU # U1MgRVNOOjM2MDUtMDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1T # dGFtcCBTZXJ2aWNlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9Jl6 # 4LoZxDINSFgz+9KS5Ozv5m548ePVzc9RXWe4T4/Mplfga4eq12RGdp5cVvnjde5v # xfq2ax/jnu7vUW4rZN4mOUm5vh+kcYsQlYQ53FwgIB3nEjcQHomrG3mZe/ozjFSA # r6JbglKtIeAySPzAcFzyAer5lLNUHBEvQMM8BOjMyapCvh0xsg4xKFcVEJQLKEfC # GBffMZI/amutHFb3CUTZ7aVpG2KHEFUNlZ1vwMKvxXTPRDnbwPGzyyqJJznfsLNH # Q4vXt2ttS1PeCoGI0hN1Peq8yGsIXM9oocwC06DGNSM/4LAx2uKvwmUn6NwLc0+t # mvny6w28rZLejskRfnVWofEv1mWY0jHUnHrwSGBS8gVP9gcBs6P5g0OpJPMfxdUk # HXRkcMPPW0hIP8NbW8W5Sup8HuwnSKbjpyAlGBUdM/V5rZb0sZmkn714r6ULGK+c # LLAN6R3FhX6N0nj64F27LTK2BbS0pJZaXjo0eDNz1QcxeIFLUgF+RBsLYDn8E8cC # kexK8Nlt3Gi9zJf55w6UfTZ+kwTMxMqFxh7+Tfx7+aBObZ+nx961AtiqAy7zVV69 # o/LWRdKPZdvZn9ESyGbTnPfjkBERv22prSlETlRwzP6bmEVOKWLWVwxuwh7bUWUu # Ub1cj93zvttQYGQat5E9ALLJNmlvLKCskB7raLsCAwEAAaOCAUkwggFFMB0GA1Ud # DgQWBBQTnhBKx+FryphQWMRipH49sMFAOjAfBgNVHSMEGDAWgBSfpxVdAF5iXYP0 # 5dJlpxtTNRnpcjBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIw # MjAxMCgxKS5jcmwwbAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUt # U3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB # /wQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOC # AgEAgmxaJrGqQ2D6UJhZ6Ql2SZFOaNuGbW3LzB+ES+l2BB1MJtBRSFdi/hVY33Np # xsJQhQ5TLVp0DXYOkIoPQc17rH+IVhemO8jCt+U6I1TIw6cR7c+tEo/Jjp6EqEU1 # c4/mraMjgHhQ+raC/OUAm98A1r4bIPHtsBmLROGmeE5XLIFaBIZWHvh2COXITKOb # XVd5wGtJ1dZZdwaHACXF506jta+uoUdyzAeuNlTPLTrZ8nyhxGwk9Vh6eiDQ7CQM # WSSa8DJS9PUXjeoi9vTdS7ZMXqu+tv6Qz3xtoBF5+YFK4uE+miGs90Fxm0VK2lWr # mFhjkRl5zyoHOdwG7spNYkDomCPNWIudUQmQYKpt/Hsspfcb+xpnWIDQdMzgE8pj # 1vpwLgWEnH7LtT4dZCeoDo9PK40RxBD8kKJ769ngkEwfwCD2EX/MQk79eIvOhpnH # 12GuVByvaKZk5XZvqtPONNwr8q/qA3877IuWwWgnaeX+prpw0dZ/QLtbGGVrgP+T # RQjt+2dcZA5P3X4LwANhiPsy0Ol4XCdj7OxBLFvOzsCPDPaVnkp+dfDFG+NOBir7 # aqTJ68622pymg1V+6gc/1RvxC/wgvYyG033ecJqv0On0ZRNYr+i/OkwgA3HP1aLD # 0aHrEpw6lt0263iRkCvrcdcOW8w3jC8TJuaGWyC2S9jEjzgwggdxMIIFWaADAgEC # AhMzAAAAFcXna54Cm0mZAAAAAAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQg # Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIyMjVa # Fw0zMDA5MzAxODMyMjVaMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n # dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y # YXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMIIC # IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5vQ7V # gtP97pwHB9KpbE51yMo1V/YBf2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64NmeF # RiMMtY0Tz3cywBAY6GB9alKDRLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhuje3X # D9gmU3w5YQJ6xKr9cmmvHaus9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl3GoP # z130/o5Tz9bshVZN7928jaTjkY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPgyY9+ # tVSP3PoFVZhtaDuaRr3tpK56KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I5Jas # AUq7vnGpF1tnYN74kpEeHT39IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2ci/b # fV+AutuqfjbsNkz2K26oElHovwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/TNuv # XsLz1dhzPUNOwTM5TI4CvEJoLhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy16cg # 8ML6EgrXY28MyTZki1ugpoMhXV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y1BzF # a/ZcUlFdEtsluq9QBXpsxREdcu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6HXtqP # nhZyacaue7e3PmriLq0CAwEAAaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMBAAEw # IwYJKwYBBAGCNxUCBBYEFCqnUv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQWBBSf # pxVdAF5iXYP05dJlpxtTNRnpcjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30BATBB # MD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0Rv # Y3MvUmVwb3NpdG9yeS5odG0wEwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYBBAGC # NxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w # HwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmg # R4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWlj # Um9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEF # BQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29D # ZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQELBQADggIBAJ1VffwqreEs # H2cBMSRb4Z5yS/ypb+pcFLY+TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27DzHk # wo/7bNGhlBgi7ulmZzpTTd2YurYeeNg2LpypglYAA7AFvonoaeC6Ce5732pvvinL # btg/SHUB2RjebYIM9W0jVOR4U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9AkvUCg # vxm2EhIRXT0n4ECWOKz3+SmJw7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWKNsId # w2FzLixre24/LAl4FOmRsqlb30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2kQH2 # zsZ0/fZMcm8Qq3UwxTSwethQ/gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+c23K # jgm9swFXSVRk2XPXfx5bRAGOWhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep8beu # yOiJXk+d0tBMdrVXVAmxaQFEfnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+DvktxW/ # tM4+pTFRhLy/AsGConsXHRWJjXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1ZyvgDbjm # jJnW4SLq8CdCPSWU5nR0W2rRnj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/2XBj # U02N7oJtpQUQwXEGahC0HVUzWLOhcGbyoYIDVjCCAj4CAQEwggEBoYHZpIHWMIHT # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRN # aWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5T # aGllbGQgVFNTIEVTTjozNjA1LTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUAmBE8SCjxgjacmy8/ # VEdk7NxpR6aggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAN # BgkqhkiG9w0BAQsFAAIFAO2lr80wIhgPMjAyNjA1MDYxMjE3MTdaGA8yMDI2MDUw # NzEyMTcxN1owdDA6BgorBgEEAYRZCgQBMSwwKjAKAgUA7aWvzQIBADAHAgEAAgID # AzAHAgEAAgIT8DAKAgUA7acBTQIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEE # AYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBCwUAA4IB # AQApqc0a6QpmQ0l5CTsd8jfdj5HP+k0+I3hCnSKNxMA79sANomINIn/kC+IJl123 # inRY4M7mdgTw0iTVUmo4zeBcIwzZC1pj0cQuCUGYRXOKm3s2R4Nxk3hy7TA6nocS # LYq5y/e/pDBqhA1b+wQgSH83iM+LrXS8+u1pr2cQcacybGAcUb29ApzRkD/eVtYm # izRNkMCTxKFLnktN9f069woU9sLR7IiWcbhuhTYaJsr8AVFInyCARmtFrm+1VeMJ # vHMh52axDgepQS9x2HEIgTGqq7jqLEgVx15UJUnAaqS5H4y2VfnWUHza7pWG4BPh # 1Ybtj2gckzQN6vjBaDp11m6eMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUt # U3RhbXAgUENBIDIwMTACEzMAAAITsEM1Zs+vlegAAQAAAhMwDQYJYIZIAWUDBAIB # BQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQx # IgQgyqCaMsu03kPCmZPVf0HtSeEunzFSGgE07tyfiQF2i3wwgfoGCyqGSIb3DQEJ # EAIvMYHqMIHnMIHkMIG9BCDM4QltFIUz8J4DjAzP4nVodZvQxYGleUIfp86Oa5xY # aDCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # JjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAACE7BD # NWbPr5XoAAEAAAITMCIEIIiN+xIf7mLwfB8Supp5NJS1SBcb7GQlMaAZCrC78Zxy # MA0GCSqGSIb3DQEBCwUABIICAECM7MVPhv34YwgdhwnvIlmxv32Y3HM9OmgND3Bf # EUFL1pWf9fp3hNOhebfqNQb9X3VcFbXh8bjQSXKlMLfX8eXAFG1Wpsm6MZKarX+o # ZSTmc3zpgBwSKTWndh2YJcEA1SwLHd5AB/Oow0aFZcrizea9HNtX4l8Pa/tQw9dz # BI2VfKn/4y6BYDNVazwKtaXaf1r7Su2SM9E95456WbWPRrb5yBjABiQ6I4CsMpWw # LVH/jrMb+gK+cnz5rdrhG+T7nci/cV0nykxDYNX9RdUc+i/IkWeo+rVyBEfD92Rf # uZb8iapQ74uiau4U3Xp5PJ5/RtIO8g3tvzogP782MnOCe2vDc6iPpDSjvrXqrK7q # WDJn/Bu3DvyFfsEhLKIz00z5xAK7/H3y/tW3ts4n8tctvMn+trMzz2pbFRkdFLuu # L0l+8fLPdWCfeLjddiqXXJclCsV75mni56SDVCl32YqyngY0+AHfRO3nxNWN1rlW # 3OTWQihga/6TZ89ARqRc1kbUjx7P4dq0xFtWKvStXr9MOxH0/ToxaXjiD9yYOuTH # vIxstVJaLoMU1AD8zOlpJjkhspe9ZLO8fz50Ca9w3dk2mcyWPv9AOAkBlkEUmRN3 # MUdnZOAwKkvZmWFdDwdLNS5qGbmL1L7M8TAZFyAGCLQM6zPTFS+B77j6I7ZLkT8S # X64N # SIG # End signature block x

Windows NT KPTV 6.2 build 9200 (Windows Server 2012 Datacenter Edition) i586