Solved garlin's PowerShell scripts for updating Secure Boot CA 2023


ryan190123 said:
-TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
I dont have this task? thoughts?
Click to expand...

Run this command to check on your Secure Boot task:
Code: 
>powershell -f C:\Windows\SecureBoot\ExampleRolloutScripts\Enable-SecureBootUpdateTask.ps1 check

========================================
 Secure Boot Update Task Enabler
========================================

Task: \Microsoft\Windows\PI\Secure-Boot-Update

Checking: Y50-70
  State: Ready

========================================
 Summary
========================================
Total Checked: 1
Enabled:


ComputerName : Y50-70
TaskExists   : True
TaskState    : Ready
IsEnabled    : True
LastRunTime  :
NextRunTime  :
Error        :

Presuming you have a different result, then recreate the missing task:
Code: 
powershell -f C:\Windows\SecureBoot\ExampleRolloutScripts\Enable-SecureBootUpdateTask.ps1 create
powershell -f C:\Windows\SecureBoot\ExampleRolloutScripts\Enable-SecureBootUpdateTask.ps1 enable
 

My Computer

System One

  • OS
    Windows 7
Got the 2x June win10 updates, ran the check uefi script, it told me to disable bitlocker protectors for 3 reboot , to run regedit and task commands, svn updated successfully. Perfect!
 

My Computer

System One

  • OS
    windows 10 22H2 ENT ESU
    Computer type
    PC/Desktop
    CPU
    INTEL
    Memory
    32
    Graphics Card(s)
    NVIDIA
    Hard Drives
    NVME
garlin said:
Run this command to check on your Secure Boot task:
Code: 
>powershell -f C:\Windows\SecureBoot\ExampleRolloutScripts\Enable-SecureBootUpdateTask.ps1 check

========================================
 Secure Boot Update Task Enabler
========================================

Task: \Microsoft\Windows\PI\Secure-Boot-Update

Checking: Y50-70
  State: Ready

========================================
 Summary
========================================
Total Checked: 1
Enabled:


ComputerName : Y50-70
TaskExists   : True
TaskState    : Ready
IsEnabled    : True
LastRunTime  :
NextRunTime  :
Error        :

Presuming you have a different result, then recreate the missing task:
Code: 
powershell -f C:\Windows\SecureBoot\ExampleRolloutScripts\Enable-SecureBootUpdateTask.ps1 create
powershell -f C:\Windows\SecureBoot\ExampleRolloutScripts\Enable-SecureBootUpdateTask.ps1 enable
Click to expand...
Must be run as admin
Ran it on mine without admin and it was reporting task did not exist
With admin, it exist and taskstate is ready
 

My Computer

System One

  • OS
    Windows 11
I guess MS is sloppy and doesn't bother checking if you're an Admin or not. My scripts do, and then re-launch themselves as Admin.

Anyone working for MS should know how this works. :think:
 

My Computer

System One

  • OS
    Windows 7

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo T490 (2020 Hardware)
    CPU
    i7-8565U
    Motherboard
    20N20028US
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 620
    Sound Card
    Realtec Audio
    Monitor(s) Displays
    ASUS VE248
    Screen Resolution
    1920 X 1080
    Hard Drives
    Samsung SSD 970 PRO 512GB NVMe
    Internet Speed
    Frontier fiber 1GB
    Browser
    Chrome, Firefox, Edge
    Antivirus
    Norton 360 Deluxe Plus
    Other Info
    Supported hardware, upgraded from Windows 10 Pro to Windows 11 Pro version 24H2 on 06/01/2025 using the Windows 11 ISO file. Used the enablement package to upgrade to version 25H2 on 10/07/2025. Secure boot enabled. Secure Boot CA 2023 updated.
  • Operating System
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Lenovo ThinkCentre M83 (2014 Hardware)
    CPU
    i7-4770 (with SSE4.2, and POPCNT)
    Motherboard
    10AL000GUS
    Memory
    16GB
    Graphics card(s)
    Intel HD Graphics 4600
    Sound Card
    Realtec High Definition Audio
    Monitor(s) Displays
    ASUS VE248
    Screen Resolution
    1920 X 1080
    Hard Drives
    Samsung SSD 860 PRO 1TB SATA
    Internet Speed
    Frontier fiber 1GB
    Browser
    Chrome, Firefox, Edge
    Antivirus
    Norton 360 Deluxe Plus
    Other Info
    Unsupported hardware, upgraded from Windows 10 Pro (TPM 1.2 & unsupported CPU, but does have SSE4.2, and POPCNT) to Windows 11 Pro version 24H2 on 06/15/2025. Added Registry Key HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup – AllowUpgradesWithUnsupportedTPMOrCPU=1 to allow installation using the Windows 11 ISO file. Used the enablement package to upgrade to version 25H2 on 10/08/2025. Secure boot enabled. Secure Boot CA 2023 updated.
Moore's Law is often misquoted as "computing power doubles every 18 months".

When I used to work, my favorite thing to share with recent hires was Garlin's Corollary to Moore's Law:
Every 18 months, you have the power to inflict twice as many mistakes as you did before.​
 

My Computer

System One

  • OS
    Windows 7
garlin said:
Moore's Law is often misquoted as "computing power doubles every 18 months".

When I used to work, my favorite thing to share with recent hires was Garlin's Corollary to Moore's Law:
Every 18 months, you have the power to inflict twice as many mistakes as you did before.​
Click to expand...
Some humor for today, but I'll stop after this one, otherwise we'll side track this thread
One of my favorite Dilbert...

1781110260990.webp

PS: early in my carreer I tried management, then decided to go the architecture track and never looked back !
And like I always said, I'd rather manage a 1000 computers then 5 humans... :cool:

garlin said:
When I used to work.......
Click to expand...
I'm also retired...
 

My Computer

System One

  • OS
    Windows 11
You must log in or register to reply here.

Latest Support Threads

Latest Tutorials

Back
Top Bottom