CheckCredguard.ps1
#Requires -RunAsAdministrator
# --- Script to Check Credential Guard Status (Single Line Output) ---
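# Prints exactly one "Credential Guard Status: ..." line to the host.
# The verdict is read from Win32_DeviceGuard.SecurityServicesRunning; every
# failure path prints an "Error - ..." line in red instead of a verdict, so an
# error is never mistaken for "Not Running".
try {
    # -ErrorAction Stop turns a failed query into a terminating error so the
    # catch blocks below can classify it.
    $deviceGuardInfo = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace "root\Microsoft\Windows\DeviceGuard" -ErrorAction Stop

    if ($null -ne $deviceGuardInfo) {
        # SecurityServicesRunning is an array of numeric service codes, not
        # names: 1 = Credential Guard, 2 = HVCI (memory integrity).
        # Testing for the string 'CredentialGuard' can never match a numeric
        # element, which made this check report "Not Running" on every host,
        # including hosts where Credential Guard is active.
        $credentialGuardServiceId = 1

        if ($deviceGuardInfo.SecurityServicesRunning -contains $credentialGuardServiceId) {
            # Output if running
            Write-Host "Credential Guard Status: Enabled and Running"
        } else {
            # Output if not running (could be configured but pending reboot, or just off).
            # SecurityServicesConfigured on the same instance tells those two cases apart.
            Write-Host "Credential Guard Status: Not Running"
        }
    } else {
        # Fallback if the query returned nothing without raising an error
        Write-Host "Credential Guard Status: Error - Could not retrieve WMI information." -ForegroundColor Red
    }
} catch [Microsoft.Management.Infrastructure.CimException] {
    # Classify by the CIM native error code first. The message text is localized,
    # so matching English substrings alone misclassifies errors on non-English
    # systems; the substring match is kept only as a fallback.
    $cimError  = $_.Exception
    $errorCode = [string]$cimError.NativeErrorCode
    $errorText = $cimError.Message

    if ($errorCode -eq 'AccessDenied' -or $errorText -like '*Access denied*') {
        Write-Host "Credential Guard Status: Error - Access Denied (Run as Administrator)." -ForegroundColor Red
    } elseif ($errorCode -eq 'InvalidNamespace' -or $errorCode -eq 'InvalidClass' -or $errorText -like '*Invalid namespace*' -or $errorText -like '*Invalid class*') {
        # Feature might not be installed, available, or enabled on the OS level
        Write-Host "Credential Guard Status: Error - Feature unavailable or WMI class/namespace not found." -ForegroundColor Red
    } else {
        # Other WMI errors
        Write-Host "Credential Guard Status: Error - WMI Query Failed." -ForegroundColor Red
        # Optional: Add specific error message if needed for debugging:
        # Write-Host "Credential Guard Status: Error - WMI Query Failed ($($_.Exception.Message.Split([Environment]::NewLine)[0]))" -ForegroundColor Red
    }
} catch {
    # Catch any other non-WMI script errors concisely
    Write-Host "Credential Guard Status: Error - Unexpected Script Error." -ForegroundColor Red
    # Optional: Add specific error message if needed for debugging:
    # Write-Host "Credential Guard Status: Error - Unexpected Script Error ($($_.Exception.Message.Split([Environment]::NewLine)[0]))" -ForegroundColor Red
}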
# --- End of Script ---