Notification

Icon
Error

Report if Credential Guard is active

Posted: Thursday, October 14, 2021 10:28:15 AM(UTC)
ericatbrandmauer

ericatbrandmauer

Member Original PosterPosts: 2
0
Like
This issue has been solved! Click here to view the solution
Hi,

I'm looking for a way to check whether Credential Guard is activated on my endpoints.
Probably the best way to do this is to query the registry value:

HKLM:SYSTEM\CurrentControlSet\Control\Lsa DWORD LsaCfgFlags

Value could be 0=deactivated, 1=On with UEFI Lock, 2=On without Lock
If the Value is not present, then it's not configured (off)

Unfortunately, I'm not good at creating reports. Maybe someone can help me with the report?

Thanks in advance
Andy.S
#1Andy.S Member Posts: 123  
posted: 10/29/2021 12:57:22 PM(UTC)
Hi,

Once you have setup the registry scan for the key , this should then report on the scan :

Code:
Select Top 1000000 tblassets.AssetID,
  tblassets.AssetName,
  tsysassettypes.AssetTypename,
  tsysassettypes.AssetTypeIcon10 As icon,
  tblassets.IPAddress,
  tblassets.Lastseen,
  tblassets.Lasttried,
  Case
    When CGuard.Value = '1' Then 'On with UEFI Lock'
    When CGuard.Value = '2' Then 'On without Lock'
    Else 'Not Configured'
  End As 'Credential Guard Status'
From tblassets
  Inner Join tblassetcustom On tblassets.AssetID = tblassetcustom.AssetID
  Inner Join tsysassettypes On tsysassettypes.AssetType = tblassets.Assettype
  Left Join (Select tblRegistry.Regkey,
      tblRegistry.Valuename,
      tblRegistry.Value,
      tblRegistry.AssetID
    From lansweeperdb.dbo.tblRegistry
    Where tblRegistry.Regkey Like '%\CurrentControlSet\Control\Lsa%' And
      tblRegistry.Valuename Like '%LsaCfgFlags%') CGuard On CGuard.AssetID =
      tblassets.AssetID
Where tblassetcustom.State = 1
ericatbrandmauer
#2ericatbrandmauer Member Original PosterPosts: 2  
posted: 11/2/2021 11:19:42 AM(UTC)
Hi Andy,

thanks for your help. That was the solution.

BR,
Eric

Active Discussions

Lansweeper Marking/Flagging VIP Customers
by  C Johnson   Go to last post Go to first unread
Last post: Yesterday at 11:43:22 PM(UTC)
Lansweeper Office 2016 key scanning
by  WaldoIT  
Go to last post Go to first unread
Last post: Yesterday at 3:40:41 PM(UTC)
Lansweeper Configuring SSL in IIS Express issue
by  saffo   Go to last post Go to first unread
Last post: Yesterday at 9:57:31 AM(UTC)
Lansweeper MDM Jamf School
by  Eugene  
Go to last post Go to first unread
Last post: 12/3/2021 6:21:44 PM(UTC)
Lansweeper HTTPS not secure
by  Luke Maslany   Go to last post Go to first unread
Last post: 12/3/2021 2:23:28 PM(UTC)
Lansweeper Problem with deploy software
by  Max90  
Go to last post Go to first unread
Last post: 12/3/2021 2:04:12 PM(UTC)
Lansweeper scanning target by range
by  Colombini   Go to last post Go to first unread
Last post: 12/3/2021 12:06:19 PM(UTC)
Lansweeper Log WIFI networks
by  BastiOn  
Go to last post Go to first unread
Last post: 12/3/2021 10:29:38 AM(UTC)