Notification

Icon
Error

Report if Credential Guard is active

Posted: Thursday, October 14, 2021 10:28:15 AM(UTC)
ericatbrandmauer

ericatbrandmauer

Member Original PosterPosts: 2
0
Like
This issue has been solved! Click here to view the solution
Hi,

I'm looking for a way to check whether Credential Guard is activated on my endpoints.
Probably the best way to do this is to query the registry value:

HKLM:SYSTEM\CurrentControlSet\Control\Lsa DWORD LsaCfgFlags

Value could be 0=deactivated, 1=On with UEFI Lock, 2=On without Lock
If the Value is not present, then it's not configured (off)

Unfortunately, I'm not good at creating reports. Maybe someone can help me with the report?

Thanks in advance
Andy.S
#1Andy.S Member Posts: 123  
posted: 10/29/2021 12:57:22 PM(UTC)
Hi,

Once you have setup the registry scan for the key , this should then report on the scan :

Code:
Select Top 1000000 tblassets.AssetID,
  tblassets.AssetName,
  tsysassettypes.AssetTypename,
  tsysassettypes.AssetTypeIcon10 As icon,
  tblassets.IPAddress,
  tblassets.Lastseen,
  tblassets.Lasttried,
  Case
    When CGuard.Value = '1' Then 'On with UEFI Lock'
    When CGuard.Value = '2' Then 'On without Lock'
    Else 'Not Configured'
  End As 'Credential Guard Status'
From tblassets
  Inner Join tblassetcustom On tblassets.AssetID = tblassetcustom.AssetID
  Inner Join tsysassettypes On tsysassettypes.AssetType = tblassets.Assettype
  Left Join (Select tblRegistry.Regkey,
      tblRegistry.Valuename,
      tblRegistry.Value,
      tblRegistry.AssetID
    From lansweeperdb.dbo.tblRegistry
    Where tblRegistry.Regkey Like '%\CurrentControlSet\Control\Lsa%' And
      tblRegistry.Valuename Like '%LsaCfgFlags%') CGuard On CGuard.AssetID =
      tblassets.AssetID
Where tblassetcustom.State = 1
ericatbrandmauer
#2ericatbrandmauer Member Original PosterPosts: 2  
posted: 11/2/2021 11:19:42 AM(UTC)
Hi Andy,

thanks for your help. That was the solution.

BR,
Eric

Active Discussions

Lansweeper ManageEngine ADSelfService Plus Vulnerability
by  TheGift73   Go to last post Go to first unread
Last post: 11/30/2021 10:25:01 AM(UTC)
Lansweeper OS: Not latest Build of Windows 10 not working
by  Luke Maslany  
Go to last post Go to first unread
Last post: 11/29/2021 2:01:49 PM(UTC)
Lansweeper Cannot find right class
by  FabioB   Go to last post Go to first unread
Last post: 11/29/2021 8:16:33 AM(UTC)
Lansweeper vCenter vSphere Web Client Vulnerabilities
by  Esben.D  
Go to last post Go to first unread
Last post: 11/25/2021 12:24:24 PM(UTC)
Lansweeper Report for Hardware Maintenance
by  PBjelly   Go to last post Go to first unread
Last post: 11/23/2021 2:53:33 PM(UTC)
Lansweeper Need a little help here
by  AMcCarron  
Go to last post Go to first unread
Last post: 11/18/2021 3:07:25 PM(UTC)
Lansweeper Solftware Installed by member of AD Group
by  RPZ   Go to last post Go to first unread
Last post: 11/17/2021 9:57:42 PM(UTC)
Lansweeper Uptime Report duplicate powerstates
by  INNO-IT  
Go to last post Go to first unread
Last post: 11/16/2021 5:10:23 PM(UTC)