Author Posts

March 1, 2018 at 8:27 pm

Hey all,

I have a script that should be testing if a machine is running on BIOS or UEFI. The script runs, spits out a txt file result, but all machines fail the test connection. However, if I run the test-connection line by itself, and specify a machine, it comes back true. Running the full script, en masse, it fails. What am I missing? I tried turning off a firewall on a pc, I run as admin, and am running on a machine with RSAT installed, Windows 10 v1709 if that matters.
I've removed some OU and domain info, but I have verified they're correct and work,

$ous = 'OU=Computers,OU=(Ou),DC=(domain),DC=com', 
       'OU=Surface,OU=(OU),DC=(domain),DC=com',
       'OU=Advisors & Assistants,OU=(OU),OU=(OU),DC=(domain),DC=com'
$info = foreach ($ou in $ous) {
    foreach ($machine in (get-adcomputer -filter * -searchbase $ou)) {
        if (test-connection $machine -Count 1 -Quiet) {
            invoke-command -ComputerName $machine -ScriptBlock {
                try {
                    Confirm-SecureBootUEFI -ErrorAction Stop
                    Write-Output "'$env:computername' has UEFI"
                }
                catch {
                    Write-Output "'$env:computername' has BIOS"
                }
            }
        }
        else {
            Write-Output "'$machine' is not reachable."
        }
    }
}
$info | out-file "$env:userprofile\desktop\result.txt"

March 1, 2018 at 9:04 pm

Simplify this down a bit and just make a direct loop call to the AD computers.

(Get-ADComputer -Filter *).Name | 
%{Test-Connection -ComputerName $_ -Count 1 -Quiet
    Try 
    {
        Confirm-SecureBootUEFI -ErrorAction Stop 
        "$env:computername has UEFI"
    }
    Catch
    {
        "$env:computername has BIOS"
    }
}

March 1, 2018 at 9:24 pm

This gives me this result: (this is my machine)
TABSTL05 has UEFI
True
True
TABSTL05 has UEFI
True
True
TABSTL05 has UEFI
True
True
TABSTL05 has UEFI
False
True

March 1, 2018 at 11:54 pm

Sooo, you changed my little sample from the AD call to this...

    
    $env:COMPUTERNAME | 
    %{Test-Connection -ComputerName $_ -Count 1 -Quiet
        Try 
        {
            Confirm-SecureBootUEFI -ErrorAction Stop 
            "$env:computername has UEFI"
        }
        Catch
        {
            "$env:computername has BIOS"
        }
    }

The reason for this is that TNC is returning true, as it should if the machine is up. That's your first one
The second true is coming from Confirm-SecureBootUEFI -ErrorAction Stop.
Then your message.

If you are only looking for true or false in the try/catch. you need handle the output of the other two responses.
So, change this to something like:

    $env:COMPUTERNAME | 
    %{Test-Connection -ComputerName $_ -Count 1 -Quiet  | Out-Null
        Try 
        {
            Confirm-SecureBootUEFI -ErrorAction Stop | Out-Null
            "$_ has UEFI"
        }
        Catch
        {
            "$_ has BIOS"
        }
    }

WS01 has UEFI