→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ericatbrandmaue
Engaged Sweeper
Hi,

I'm looking for a way to check whether Credential Guard is activated on my endpoints.
Probably the best way to do this is to query the registry value:

HKLM:SYSTEM\CurrentControlSet\Control\Lsa DWORD LsaCfgFlags

Value could be 0=deactivated, 1=On with UEFI Lock, 2=On without Lock
If the Value is not present, then it's not configured (off)

Unfortunately, I'm not good at creating reports. Maybe someone can help me with the report?

Thanks in advance
1 ACCEPTED SOLUTION
Andy_Sismey
Champion Sweeper III
Hi,

Once you have setup the registry scan for the key , this should then report on the scan :

Select Top 1000000 tblassets.AssetID,
tblassets.AssetName,
tsysassettypes.AssetTypename,
tsysassettypes.AssetTypeIcon10 As icon,
tblassets.IPAddress,
tblassets.Lastseen,
tblassets.Lasttried,
Case
When CGuard.Value = '1' Then 'On with UEFI Lock'
When CGuard.Value = '2' Then 'On without Lock'
Else 'Not Configured'
End As 'Credential Guard Status'
From tblassets
Inner Join tblassetcustom On tblassets.AssetID = tblassetcustom.AssetID
Inner Join tsysassettypes On tsysassettypes.AssetType = tblassets.Assettype
Left Join (Select tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.Value,
tblRegistry.AssetID
From lansweeperdb.dbo.tblRegistry
Where tblRegistry.Regkey Like '%\CurrentControlSet\Control\Lsa%' And
tblRegistry.Valuename Like '%LsaCfgFlags%') CGuard On CGuard.AssetID =
tblassets.AssetID
Where tblassetcustom.State = 1

View solution in original post

2 REPLIES 2
ericatbrandmaue
Engaged Sweeper
Hi Andy,

thanks for your help. That was the solution.

BR,
Eric
Andy_Sismey
Champion Sweeper III
Hi,

Once you have setup the registry scan for the key , this should then report on the scan :

Select Top 1000000 tblassets.AssetID,
tblassets.AssetName,
tsysassettypes.AssetTypename,
tsysassettypes.AssetTypeIcon10 As icon,
tblassets.IPAddress,
tblassets.Lastseen,
tblassets.Lasttried,
Case
When CGuard.Value = '1' Then 'On with UEFI Lock'
When CGuard.Value = '2' Then 'On without Lock'
Else 'Not Configured'
End As 'Credential Guard Status'
From tblassets
Inner Join tblassetcustom On tblassets.AssetID = tblassetcustom.AssetID
Inner Join tsysassettypes On tsysassettypes.AssetType = tblassets.Assettype
Left Join (Select tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.Value,
tblRegistry.AssetID
From lansweeperdb.dbo.tblRegistry
Where tblRegistry.Regkey Like '%\CurrentControlSet\Control\Lsa%' And
tblRegistry.Valuename Like '%LsaCfgFlags%') CGuard On CGuard.AssetID =
tblassets.AssetID
Where tblassetcustom.State = 1