Bu yazıda, aşağıdaki görselde yer alan ve Secure Boot Update durumunu gösteren registry anahtar değerlerinin Configuration Manager ile nasıl toplanabileceğini anlatacağım.

- CMPivot Yöntemi
Bu yöntem ile Device Collection ya da bir bilgisayarın güncel durumunu sorgulayabilirsiniz.
CMPivot gerçek zamanlı çalıştığı için bu sorguya yalnızca o anda açık ve site ile iletişimde olan bilgisayarlar cevap dönecektir; sonuç kalıcı olarak saklanmaz. Geçmişe dönük ve tüm envanteri kapsayan raporlama için aşağıdaki Hardware Inventory yöntemi gereklidir.
Registry('hklm:\\system\\CurrentControlSet\\Control\\SecureBoot\\Servicing') | where Property == 'UEFICA2023Status'

- Hardware Inventory Yöntemi
Bu yöntemin amacı, bilgisayarlardan düzenli olarak toplanan Hardware Inventory verilerine Secure Boot ile ilgili registry anahtarlarını da dâhil etmektir.
| Uyarı: configuration.mof dosyası policy ile sitedeki tüm istemcilere dağıtılır ve her istemcide derlenir; bu dosyadaki bir sözdizimi hatası tüm ortamın Hardware Inventory sürecini etkileyebilir. Bu nedenle işlem kritik niteliktedir ve hata toleransı yoktur. İşleme başlamadan önce değişiklik yapılacak dosyaların mutlaka yedeğini alınız ve değişikliği önce bir test ortamında deneyiniz. |
Primary Site Server üzerinde Configuration Manager’ın yüklü olduğu dizin altında aşağıdaki yola giderek “configuration.mof” dosyasının bir yedeğini alınız.
\inboxes\clifiles.src\hinv\configuration.mof
Daha sonra bu dosyayı Notepad ile açarak aşağıdaki kodu dosyanın sonundaki "// Added extensions start" ve "// Added extensions end" işaretleri arasına ekleyiniz; kodu bu bölümün dışına yapıştırmayınız.
İşleme başlamadan önce dataldr.log dosyasını takip ediniz. Eklediğiniz kodun Configuration Manager tarafından hatasız şekilde parse edildiğini mutlaka kontrol ediniz.
// ======================================================
// Added extensions - SecureBoot2023 Inventory
//
// WMI class in root\cimv2 that exposes the Secure Boot servicing
// registry values (UEFI CA 2023 rollout) on each client. Values are
// supplied at query time by the registry property provider bound in
// the instance definition that follows. This section is pasted into
// configuration.mof; the matching reporting class is imported
// separately through client settings.
// ======================================================
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("SecureBoot2023_Inventory", NOFAIL)

// DYNPROPS: property values come from a dynamic provider, not from
// the repository.
[ DYNPROPS ]
class SecureBoot2023_Inventory
{
    // Fixed key; exactly one instance per device.
    [key] string KeyName;

    // Declared types mirror the expected registry value types
    // (string = REG_SZ, uint32 = REG_DWORD) -- confirm on a reference device.

    // ...\Control\SecureBoot\Servicing : overall status and capability
    string UEFICA2023Status;
    uint32 WindowsUEFICA2023Capable;
    uint32 UEFICA2023Error;
    uint32 UEFICA2023ErrorEvent;

    // ...\Control\SecureBoot : pending update bitmask
    uint32 AvailableUpdates;

    // ...\Control\SecureBoot\Servicing : per-component last update result
    uint32 BootMgrLastUpdateError;
    string BootMgrLastUpdateErrorReason;
    uint32 DB3POROMLastUpdateError;
    string DB3POROMLastUpdateErrorReason;
    uint32 DB3PUEFILastUpdateError;
    string DB3PUEFILastUpdateErrorReason;
    uint32 DBLastUpdateError;
    string DBLastUpdateErrorReason;
    uint32 KEKLastUpdateError;
    string KEKLastUpdateErrorReason;

    // ...\Control\SecureBoot\Servicing : rollout bucket / confidence data
    string BucketHash;
    string ConfidenceLevel;
    uint32 ConfidenceUpdateType;
    uint32 LastParsedBucketDataVersion;

    // ...\Control\SecureBoot\SBAT : SBAT update status
    uint32 SBATUpdateStatus;
};
// Instance that binds every property of SecureBoot2023_Inventory to a
// registry value. PropertyContext format is
// "Local|<hive\\key path>|<value name>", served by RegPropProv.
// A value that does not exist on the device yields an empty property,
// which reaches the site database as NULL.
[ DYNPROPS ]
Instance of SecureBoot2023_Inventory
{
    KeyName = "SecureBoot2023";

    // --- HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing ---
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|UEFICA2023Status"), Dynamic, Provider("RegPropProv") ] UEFICA2023Status;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|WindowsUEFICA2023Capable"), Dynamic, Provider("RegPropProv") ] WindowsUEFICA2023Capable;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|UEFICA2023Error"), Dynamic, Provider("RegPropProv") ] UEFICA2023Error;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|UEFICA2023ErrorEvent"), Dynamic, Provider("RegPropProv") ] UEFICA2023ErrorEvent;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|BootMgrLastUpdateError"), Dynamic, Provider("RegPropProv") ] BootMgrLastUpdateError;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|BootMgrLastUpdateErrorReason"), Dynamic, Provider("RegPropProv") ] BootMgrLastUpdateErrorReason;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|DB3POROMLastUpdateError"), Dynamic, Provider("RegPropProv") ] DB3POROMLastUpdateError;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|DB3POROMLastUpdateErrorReason"), Dynamic, Provider("RegPropProv") ] DB3POROMLastUpdateErrorReason;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|DB3PUEFILastUpdateError"), Dynamic, Provider("RegPropProv") ] DB3PUEFILastUpdateError;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|DB3PUEFILastUpdateErrorReason"), Dynamic, Provider("RegPropProv") ] DB3PUEFILastUpdateErrorReason;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|DBLastUpdateError"), Dynamic, Provider("RegPropProv") ] DBLastUpdateError;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|DBLastUpdateErrorReason"), Dynamic, Provider("RegPropProv") ] DBLastUpdateErrorReason;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|KEKLastUpdateError"), Dynamic, Provider("RegPropProv") ] KEKLastUpdateError;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|KEKLastUpdateErrorReason"), Dynamic, Provider("RegPropProv") ] KEKLastUpdateErrorReason;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|BucketHash"), Dynamic, Provider("RegPropProv") ] BucketHash;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|ConfidenceLevel"), Dynamic, Provider("RegPropProv") ] ConfidenceLevel;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|ConfidenceUpdateType"), Dynamic, Provider("RegPropProv") ] ConfidenceUpdateType;
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing|LastParsedBucketDataVersion"), Dynamic, Provider("RegPropProv") ] LastParsedBucketDataVersion;

    // --- HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot (parent key) ---
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot|AvailableUpdates"), Dynamic, Provider("RegPropProv") ] AvailableUpdates;

    // --- HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT ---
    [ PropertyContext("Local|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\SBAT|UpdateStatus"), Dynamic, Provider("RegPropProv") ] SBATUpdateStatus;
};

configuration.mof dosyasına ilgili kodu eklediğinizde işlemin sorunsuz olduğunu dataldr.log da aşağıdaki gibi görmelisiniz.
Hata alırsanız bu büyük olasılıkla kodu yanlış yere yapıştırdığınız ya da bir sözdizimi hatası (eksik noktalı virgül, bozuk tırnak, yanlış kopyalanmış karakter vb.) yaptığınız anlamına gelir. Bu durumda yedeklediğiniz configuration.mof dosyasını geri yükleyip dataldr.log'un tekrar temiz olduğunu doğrulamadan devam etmeyiniz.

Bir sonraki işlem Default Client Settings üzerinden gerçekleşecek. Aşağıdaki kodu bir metin dosyasına kopyalayın, dosyayı .mof uzantılı olacak şekilde kaydedin ve Administration > Client Settings > Default Client Settings > Hardware Inventory > Set Classes > Import adımı ile içe aktarın. İçe aktarma sonrasında "SecureBoot2023" sınıfının listede işaretli (envantere dâhil) olduğunu kontrol edin.

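// ======================================================
// SecureBoot2023 Hardware Inventory Class
//
// Reporting (schema) class imported through
// Administration > Client Settings > Default Client Settings >
// Hardware Inventory > Set Classes > Import.
//
// Property names and types must match the SecureBoot2023_Inventory
// class added to configuration.mof. SMS_Group_Name determines the
// SQL view name used by the reports below (v_GS_SECUREBOOT20230).
//
// Only the SMS_Report qualifier is meaningful here: the registry
// binding (PropertyContext/Dynamic/Provider) lives in the
// configuration.mof instance, so it is not repeated on this class.
// ======================================================
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("SecureBoot2023_Inventory", NOFAIL)

[ SMS_Report (TRUE),
  SMS_Group_Name ("SecureBoot2023"),
  SMS_Class_ID ("SECUREBOOT2023") ]
class SecureBoot2023_Inventory : SMS_Class_Template
{
    // Key property: gives the single per-device instance its identity.
    // A reporting class without a key-qualified property cannot be
    // inventoried reliably, so the key is declared here as well.
    [ SMS_Report (TRUE), key ] string KeyName;

    // ...\Control\SecureBoot\Servicing : overall status and capability
    [ SMS_Report (TRUE) ] string UEFICA2023Status;
    [ SMS_Report (TRUE) ] uint32 WindowsUEFICA2023Capable;
    [ SMS_Report (TRUE) ] uint32 UEFICA2023Error;
    [ SMS_Report (TRUE) ] uint32 UEFICA2023ErrorEvent;

    // ...\Control\SecureBoot : pending update bitmask
    [ SMS_Report (TRUE) ] uint32 AvailableUpdates;

    // ...\Control\SecureBoot\Servicing : per-component last update result
    [ SMS_Report (TRUE) ] uint32 BootMgrLastUpdateError;
    [ SMS_Report (TRUE) ] string BootMgrLastUpdateErrorReason;
    [ SMS_Report (TRUE) ] uint32 DB3POROMLastUpdateError;
    [ SMS_Report (TRUE) ] string DB3POROMLastUpdateErrorReason;
    [ SMS_Report (TRUE) ] uint32 DB3PUEFILastUpdateError;
    [ SMS_Report (TRUE) ] string DB3PUEFILastUpdateErrorReason;
    [ SMS_Report (TRUE) ] uint32 DBLastUpdateError;
    [ SMS_Report (TRUE) ] string DBLastUpdateErrorReason;
    [ SMS_Report (TRUE) ] uint32 KEKLastUpdateError;
    [ SMS_Report (TRUE) ] string KEKLastUpdateErrorReason;

    // ...\Control\SecureBoot\Servicing : rollout bucket / confidence data
    [ SMS_Report (TRUE) ] string BucketHash;
    [ SMS_Report (TRUE) ] string ConfidenceLevel;
    [ SMS_Report (TRUE) ] uint32 ConfidenceUpdateType;
    [ SMS_Report (TRUE) ] uint32 LastParsedBucketDataVersion;

    // ...\Control\SecureBoot\SBAT : SBAT update status
    [ SMS_Report (TRUE) ] uint32 SBATUpdateStatus;
};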




Bu işlemden sonra bilgisayarlarda önce Machine Policy Retrieval & Evaluation Cycle, ardından Hardware Inventory Cycle tetiklenmelidir. İstemci yeni policy'yi (ve güncellenmiş configuration.mof'u) almadan envanter çalıştırılırsa yeni sınıf henüz toplanmaz; istemci tarafında InventoryAgent.log dosyasından sınıfın sorgulandığı doğrulanabilir.
SQL tarafında da aşağıdaki sorgu ile verilerin geldiği kontrol edilebilir; en basit kontrol `SELECT TOP 10 * FROM dbo.v_GS_SECUREBOOT20230` sorgusudur (view adı, MOF'taki SMS_Group_Name değerinden türetilir).

Bu noktadan sonra istediğiniz tip sorgular ile raporlar hazırlayabilirsiniz.
Ben genel ihtiyacı karşılayacak birkaç sorguyu aşağıda paylaşıyorum.
-- Per-device Secure Boot / UEFI CA 2023 servicing report.
--
-- DWORD-type values are rendered as 0x-prefixed, 8-digit uppercase hex
-- (CONVERT style 1 on the 4-byte binary form), which is how the Secure
-- Boot servicing error codes are usually documented. A NULL means the
-- registry value was absent when the device was inventoried (or the
-- device has not reported the class yet); NULL in gives NULL out.
--
-- NOTE(review): the servicing values are only meaningful on UEFI
-- devices; to separate legacy-BIOS machines from "no data", consider
-- also selecting the UEFI flag from v_GS_FIRMWARE -- confirm the column
-- name in your schema version.
SELECT
    sys.Name0                                                   AS [ComputerName],
    sys.User_Name0                                              AS [LastLoggedOnUser],
    cs.Manufacturer0                                            AS [Marka],
    cs.Model0                                                   AS [Model],
    bios.SMBIOSBIOSVersion0                                     AS [Bios Sürümü],
    CASE fw.SecureBoot0
        WHEN 1 THEN 'Enable'
        WHEN 0 THEN 'Disable'
        ELSE 'No data'
    END                                                         AS [SecureBoot],
    sb.UEFICA2023Status0                                        AS [UEFICA2023Status],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.WindowsUEFICA2023Capable0),    1) AS [WindowsUEFICA2023Capable],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.AvailableUpdates0),            1) AS [AvailableUpdates],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.BootMgrLastUpdateError0),      1) AS [BootMgrLastUpdateError],
    sb.BootMgrLastUpdateErrorReason0                            AS [BootMgrLastUpdateErrorReason],
    sb.ConfidenceLevel0                                         AS [ConfidenceLevel],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.ConfidenceUpdateType0),        1) AS [ConfidenceUpdateType],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.DB3POROMLastUpdateError0),     1) AS [DB3POROMLastUpdateError],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.DB3PUEFILastUpdateError0),     1) AS [DB3PUEFILastUpdateError],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.DBLastUpdateError0),           1) AS [DBLastUpdateError],
    sb.DBLastUpdateErrorReason0                                 AS [DBLastUpdateErrorReason],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.KEKLastUpdateError0),          1) AS [KEKLastUpdateError],
    sb.KEKLastUpdateErrorReason0                                AS [KEKLastUpdateErrorReason],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.LastParsedBucketDataVersion0), 1) AS [LastParsedBucketDataVersion],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.UEFICA2023Error0),             1) AS [UEFICA2023Error],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.UEFICA2023ErrorEvent0),        1) AS [UEFICA2023ErrorEvent],
    CONVERT(varchar(10), CONVERT(varbinary(4), sb.SBATUpdateStatus0),            1) AS [SBATUpdateStatus]
FROM dbo.v_R_System AS sys
    -- LEFT JOINs keep devices that have not yet reported a given class.
    LEFT JOIN dbo.v_GS_COMPUTER_SYSTEM  AS cs   ON cs.ResourceID   = sys.ResourceID
    LEFT JOIN dbo.v_GS_PC_BIOS          AS bios ON bios.ResourceID = sys.ResourceID
    LEFT JOIN dbo.v_GS_FIRMWARE         AS fw   ON fw.ResourceID   = sys.ResourceID
    LEFT JOIN dbo.v_GS_SECUREBOOT20230  AS sb   ON sb.ResourceID   = sys.ResourceID
WHERE sys.Client0 = 1   -- only resources with a ConfigMgr client installed
ORDER BY sys.Name0;
Hangi marka/model makineden, hangi BIOS sürümünde kaç adet olduğunu listeleyen sorgu (eski BIOS sürümleri, üreticinin Secure Boot/CA 2023 desteği için firmware güncellemesi gerektirebileceğinden bu dağılım önemlidir):
-- Device count per manufacturer / model / BIOS version.
-- Scope: active, non-obsolete workstations with a client; VMware guests
-- are excluded because their virtual firmware is not relevant here.
-- Ordered so the most common combination is at the top.
SELECT
    cs.Manufacturer0                     AS [Marka],
    cs.Model0                            AS [Model],
    bios.SMBIOSBIOSVersion0              AS [Bios Versiyon],
    CONVERT(date, bios.ReleaseDate0)     AS [Bios Tarihi],
    COUNT(*)                             AS [Toplam Makine Sayısı]
FROM dbo.v_R_System AS rs
    INNER JOIN dbo.v_GS_COMPUTER_SYSTEM AS cs
        ON rs.ResourceID = cs.ResourceID
    INNER JOIN dbo.v_GS_SYSTEM AS sy
        ON rs.ResourceID = sy.ResourceID
    -- LEFT JOIN: a device without BIOS inventory still counts (NULL version)
    LEFT JOIN dbo.v_GS_PC_BIOS AS bios
        ON rs.ResourceID = bios.ResourceID
WHERE rs.Client0 = 1
  AND rs.Active0 = 1
  AND rs.Obsolete0 = 0
  AND sy.SystemRole0 = 'Workstation'
  AND cs.Manufacturer0 NOT LIKE '%VMware%'   -- exclude VMware guests
GROUP BY
    cs.Manufacturer0,
    cs.Model0,
    bios.SMBIOSBIOSVersion0,
    bios.ReleaseDate0                        -- raw column, matches the SELECT expression
ORDER BY
    COUNT(*) DESC,                           -- largest population first
    cs.Manufacturer0,
    cs.Model0;
Genel durum takibi için özet sorgu (her metrik için değer dağılımını adet ve yüzde olarak verir):
-- Fleet-wide summary: for each tracked metric, how many clients report
-- each distinct value and what share of the fleet that is.
--
-- Devices that have no row in v_GS_SECUREBOOT20230, or an empty /
-- whitespace-only value, are counted under 'Blank' so the percentages
-- always add up to the full client population.
;WITH SourceData AS
(
    -- One row per (device, metric). The three metrics are unpivoted
    -- from a single pass over the joined rows instead of three scans.
    SELECT
        m.[Metric],
        ISNULL(NULLIF(LTRIM(RTRIM(m.[RawValue])), ''), 'Blank') AS [Value]
    FROM dbo.v_R_System AS sys
        LEFT JOIN dbo.v_GS_SECUREBOOT20230 AS sb
            ON sys.ResourceID = sb.ResourceID
        CROSS APPLY (VALUES
            ('UEFICA2023Status',             sb.UEFICA2023Status0),
            ('BootMgrLastUpdateErrorReason', sb.BootMgrLastUpdateErrorReason0),
            ('ConfidenceLevel',              sb.ConfidenceLevel0)
        ) AS m ([Metric], [RawValue])
    WHERE sys.Client0 = 1
),
SummaryData AS
(
    -- Count per (metric, value); MetricTotal is the per-metric device
    -- total used as the denominator for the percentage.
    SELECT
        [Metric],
        [Value],
        COUNT(*)                                   AS [DeviceCount],
        SUM(COUNT(*)) OVER (PARTITION BY [Metric]) AS [MetricTotal]
    FROM SourceData
    GROUP BY [Metric], [Value]
)
SELECT
    [Metric],
    [Value],
    [DeviceCount],
    CAST(([DeviceCount] * 100.0 / [MetricTotal]) AS decimal(6,2)) AS [Percent]
FROM SummaryData
ORDER BY
    -- fixed metric order, then most common value first
    CASE [Metric]
        WHEN 'UEFICA2023Status'             THEN 1
        WHEN 'BootMgrLastUpdateErrorReason' THEN 2
        WHEN 'ConfidenceLevel'              THEN 3
        ELSE 99
    END,
    [DeviceCount] DESC,
    [Value];
Yeni Sorgular hazırladıkça bu yazının altına ekleyeceğim.
