funkytechmonky
Engaged Sweeper III

I've been searching the support forums and am really surprised to see there is nothing about the "Windows Secure Boot certificate expiration" that is happening in June 2026. This is HUGE and could cause a lot of issues. Am I missing something? Has anyone built a report for this? (or even possible)

Microsoft's Article: 
https://support.microsoft.com/en-us/topic/windows-secure-boot-certificate-expiration-and-ca-updates-... 

4 REPLIES
Esben_D
Lansweeper Employee

I read about it, but I haven't spent time really looking into it yet and how much of an issue it could cause. I might invest some time and release a pro tip with some resources that might help. It seems that Microsoft is suggesting to collect a bunch of info that we should already have (https://support.microsoft.com/en-us/topic/secure-boot-certificate-updates-guidance-for-it-profession...), but it's just about configuring it and creating some reports on it.

Theoretically, we could even trigger Intune deployments using the new flowbuilder on assets but I don't think I'll have the time to do everything at once.

Help building a report for this would be very useful to every environment. Give it a month or two and companies will start freaking out about it then 😀

Is Lansweeper able to see the secure boot certificate db? The cert name would be "Windows UEFI CA 2023". I am not seeing it under certificates (on a confirmed device).

According to the "preparation" article, other things that would be helpful in the report are....
Inventory hardware and firmware. Build a representative sample of devices based on System Manufacturer, System Model, BIOS Version/Date, BaseBoard Product version, etc., and test updates on those devices before broad deployment.  These parameters are commonly available in system information (MSINFO32). Use the included sample PowerShell commands to check for Secure Boot update status and to inventory devices across your organization

Those certificates are not stored in the Windows certificate stores so they aren't scanned by Lansweeper. Getting the inventory shouldn't be an issue alongside secure boot status and also event log info for validating if updates have been applied.
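The inventory discussed in the replies above, as an added example that is not part of the original thread and is not Lansweeper's or Microsoft's script: it reads the Secure Boot `db` UEFI variable, parses its signature lists into certificates, and reports whether "Windows UEFI CA 2023" is present alongside the hardware and firmware fields named in the preparation guidance. `Get-SecureBootDbCertificate` and the output property names are hypothetical; the script assumes an elevated PowerShell session on a UEFI device.

```powershell
# Added example. Run elevated on a UEFI machine. Get-SecureBootDbCertificate is a hypothetical helper.
function Get-SecureBootDbCertificate {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    $x509Type = [Guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'   # EFI_CERT_X509_GUID from the UEFI spec
    $offset = 0
    while ($offset + 28 -le $Bytes.Length) {
        # EFI_SIGNATURE_LIST header: type GUID (16 bytes), then list, header and entry sizes (uint32 each)
        $type     = [Guid]::new([byte[]]($Bytes[$offset..($offset + 15)]))
        $listSize = [int][BitConverter]::ToUInt32($Bytes, $offset + 16)
        $hdrSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 20)
        $sigSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 24)
        if ($listSize -lt 28 -or $offset + $listSize -gt $Bytes.Length) { break }   # malformed list
        if ($type -eq $x509Type -and $sigSize -gt 16) {
            $pos = $offset + 28 + $hdrSize
            while ($pos + $sigSize -le $offset + $listSize) {
                # Each entry is an owner GUID (16 bytes) followed by one DER-encoded certificate
                $der = [byte[]]($Bytes[($pos + 16)..($pos + $sigSize - 1)])
                [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
                $pos += $sigSize
            }
        }
        $offset += $listSize
    }
}

$cs    = Get-CimInstance Win32_ComputerSystem
$bios  = Get-CimInstance Win32_BIOS
$board = Get-CimInstance Win32_BaseBoard
# $null means the state could not be read (legacy BIOS, or the session is not elevated)
$secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $null }
$certs = @()
if ($null -ne $secureBoot) {
    $certs = @(Get-SecureBootDbCertificate -Bytes (Get-SecureBootUEFI -Name db -ErrorAction Stop).Bytes)
}
[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    Manufacturer   = $cs.Manufacturer
    Model          = $cs.Model
    BiosVersion    = $bios.SMBIOSBIOSVersion
    BiosDate       = $bios.ReleaseDate
    BaseBoard      = "$($board.Product) $($board.Version)"
    SecureBoot     = $secureBoot
    HasUefiCa2023  = [bool]($certs | Where-Object { $_.Subject -like '*Windows UEFI CA 2023*' })
    DbCertificates = ($certs | ForEach-Object { '{0} (expires {1:yyyy-MM-dd})' -f $_.Subject, $_.NotAfter }) -join '; '
}
```

Because each `db` entry is loaded as a certificate, the output also lists the expiry date of every certificate currently trusted for boot, which a plain text match on the variable's bytes would not show.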

@Esben_D I didn't realize you were so popular. I brought this up in the "Tips and Tricks" meet and they all said "Esben is our guy". 😁

Thanks for looking into this I really appreciate it! 

Edit: Now that I have looked around the Lansweeper KBs and Pro Tips your popularity precedes you.
