
Secure Boot certificates introduced in 2011 are expiring in 2026.
If devices aren’t updated, they won’t receive future security fixes for the Windows boot manager or Secure Boot itself.
Pro Tips #78 focuses on how to handle this with Lansweeper. It covers:
- Building a representative test group using existing asset data
- Auditing Secure Boot status via registry scanning
- Monitoring new Windows events (1801 & 1808)
- Tracking Microsoft-managed, registry-based, and GPO deployments
- Reporting on required Secure Boot registry keys and servicing status
No separate scripts required if you’re already collecting the right data.
Full guide here: Secure Boot Certificate Expiration - Lansweeper