A query is a specific set of instructions that extract information about a defined set of objects. SCCM Query is one of the feature to generate Report and Create Query based Device Collections. In this Post I have shared the SCCM Query to Get Secure Boot Non-Compliance machines & BIOS Info.
SCCM Query to Get Secure Boot Not Enabled Machines
Secure Boot in BIOS
Secure Boot is one feature of the latest Unified Extensible Firmware Interface (UEFI). The feature defines an entirely new interface between operating system and firmware/BIOS.
When enabled and fully configured, Secure Boot helps a computer resist attacks and infection from malware. Secure Boot detects tampering with boot loaders, key operating system files, and unauthorized option ROMs by validating their digital signatures. Detections are blocked from running before they can attack or infect the system. Hence Its an Mandatory Setting which we need to enable in BIOS. To identify not enabled machines, We can use this Query in SCCM.
select SMS_R_System.Name, SMS_G_System_FIRMWARE.SecureBoot, SMS_R_System.SystemOUName from SMS_R_System inner join SMS_G_System_FIRMWARE on SMS_G_System_FIRMWARE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_FIRMWARE.SecureBoot = 0 order by SMS_R_System.Name
We Will get the System Name and Secure Boot Not Enabled Machines (Result “0” is the Not Enabled Status in BIOS)
SCCM Query to Get BIOS Manufacturer & BIOS Version
To get PC BIOS manufacturer and BIOS version for a specific Collection, We can use this below Query in SCCM
select SMS_R_System.Name, SMS_G_System_PC_BIOS.Manufacturer, SMS_G_System_PC_BIOS.SMBIOSBIOSVersion, SMS_GH_System_PC_BIOS.BIOSVersion from SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId inner join SMS_GH_System_PC_BIOS on SMS_GH_System_PC_BIOS.ResourceId = SMS_R_System.ResourceId
We Will get System Name, PC BIOS Manufacturer and BIOS Version details as Below