How do I know if my Desktops/Laptops have UEFI and Secure Boot?

rmessing171
rmessing171 used Ask the Experts™
on
We have an enterprise environment with 4000 PCs.  We know all the Desktop/Laptop hardware models.

Is there a way that if we find out the chipset for each PC, then we would know if the PC has UEFI and Secure Boot capabilities?

Any assistance or suggestions would be greatly appreciated!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Dr. KlahnPrincipal Software Engineer

Commented:
Go to the manufacturer's web site and get the specification sheet for each model.  This is the easy way.

The hard way is to locate one of each model you have, turn it off, turn it on, go into BIOS setup, and see if UEFI is supported as a BIOS option.

Knowing the chipset is unfortunately not helpful in this case.  What that lets you know is whether UEFI is an option in the chipset, but not whether it is actually implemented in the BIOS.
noxchoIT Product Manager
Top Expert 2009

Commented:
The right way to see if you have UEFi and Secure Boot is going into BIOS and checking there in advanced settings. Depending on vendor and version of BIOS they can be either on main or in advanced settings.
RaminTechnical Advisor

Commented:
this Article also can be helpful. there are two other methods to determine if a system is using legacy Bios or UEFI.
http://www.thewindowsclub.com/check-if-uefi-or-bios
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

rmessing171Consultant

Author

Commented:
Thank you to all that replied and provided suggestions.  Since I have 4000 PCs, it will take alot of time to go to each PC to check for BIOS/UEFI.  Is there an remote or automated way to gather this information from each PC?
noxchoIT Product Manager
Top Expert 2009

Commented:
Here is a powershell script which works perfectly for me. However it needs that running scripts in powershell is enabled on the machines.
https://gallery.technet.microsoft.com/scriptcenter/Determine-UEFI-or-Legacy-7dc79488
rmessing171Consultant

Author

Commented:
noxcho - Thank you for sending along!

Quick questions:

1. Did you remotely deploy this powershell script to all PCs using SCCM?

2. Will this script report if the PC has BIOS or UEFI enabled at the time the script is run, or will it report that the PC has BIOS and UEFI capability?

Thank you for your assistance!
noxchoIT Product Manager
Top Expert 2009

Commented:
I checked it by running it locally. So I think running it using SCCM should work as well.
It shows that UEFI or BIOS is enabled. Because it collects information from Windows interface.
rmessing171Consultant

Author

Commented:
Thank you!  Just curious if you know of a tool that I could deploy that would report back if the PC has UEFI capability.  This would help me greatly since all of my PCs are BIOS enabed.

What are your thoughts?
noxchoIT Product Manager
Top Expert 2009

Commented:
I think such tool does not exist. I am working much with PCs, installations on different PCs but never heard about of such tool.
Consultant
Commented:
I found this on the internet and it helped me perform what I was seeking.

https://miketerrill.net/2015/10/11/inventory-secure-boot-state-and-uefi-with-configmgr/
rmessing171Consultant

Author

Commented:
This found solution was exactly was what I was seeking,

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial