SCCM Query to Get Secure Boot Not Enabled Machines and BIOS Info

Posted byTamilkovanPosted inScriptsTags:,

A query is a specific set of instructions that extract information about a defined set of objects. SCCM Query is one of the feature to generate Report and Create Query based Device Collections. In this Post I have shared the SCCM Query to Get Secure Boot Non-Compliance machines & BIOS Info.

SCCM Query to Get Secure Boot Not Enabled Machines

Secure Boot in BIOS

Secure Boot is one feature of the latest Unified Extensible Firmware Interface (UEFI). The feature defines an entirely new interface between operating system and firmware/BIOS.

When enabled and fully configured, Secure Boot helps a computer resist attacks and infection from malware. Secure Boot detects tampering with boot loaders, key operating system files, and unauthorized option ROMs by validating their digital signatures. Detections are blocked from running before they can attack or infect the system. Hence Its an Mandatory Setting which we need to enable in BIOS. To identify not enabled machines, We can use this Query in SCCM.

SCCM Query

select SMS_R_System.Name, SMS_G_System_FIRMWARE.SecureBoot, SMS_R_System.SystemOUName from  SMS_R_System inner join SMS_G_System_FIRMWARE on SMS_G_System_FIRMWARE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_FIRMWARE.SecureBoot = 0 order by SMS_R_System.Name

Query Output

We Will get the System Name and Secure Boot Not Enabled Machines (Result “0” is the Not Enabled Status in BIOS)

SCCM Query to Get BIOS Manufacturer & BIOS Version

To get PC BIOS manufacturer and BIOS version for a specific Collection, We can use this below Query in SCCM

SCCM Query

select SMS_R_System.Name, SMS_G_System_PC_BIOS.Manufacturer, SMS_G_System_PC_BIOS.SMBIOSBIOSVersion, SMS_GH_System_PC_BIOS.BIOSVersion from  SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId inner join SMS_GH_System_PC_BIOS on SMS_GH_System_PC_BIOS.ResourceId = SMS_R_System.ResourceId

Query Output

We Will get System Name, PC BIOS Manufacturer and BIOS Version details as Below

Thank You!

Published by Tamilkovan

My name is Tamil Kovan and I work as a Technical Manager at PCCW Solutions. This is my blog where I will share tips and stuff for my own on System Center related topics.

One thought on “SCCM Query to Get Secure Boot Not Enabled Machines and BIOS Info

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: