
@moddingg33k
Created August 16, 2020 19:12
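# Reports the Device Guard / virtualization-based security (VBS) state that the
# local machine exposes through the Win32_DeviceGuard CIM class: which hardware
# security properties are required and available, which security services are
# configured and running, and the overall VBS status.
#
# Colour key: Green = wanted and present, Red = wanted but missing,
# Cyan = present but not required, Magenta = running without being configured,
# Gray = absent and not asked for, Yellow = VBS off or a value this script does
# not recognise.

# Plain ASCII hyphens are used for the parameter names. The typographic dashes
# that copy/paste tends to introduce only parse while the file encoding is read
# correctly, so they are an avoidable source of breakage.
try {
    $result = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard -ErrorAction Stop
}
catch {
    throw "Unable to query Win32_DeviceGuard: $($_.Exception.Message)"
}

# Stop here rather than continue with an empty result: every -contains test
# below would be false, and the report would state that nothing is available,
# required or configured. That reads like a finding when it is really a failed
# query.
if ($null -eq $result) {
    throw 'Win32_DeviceGuard returned no instance; the security state cannot be determined.'
}

Write-Host
Write-Host "Security Properties"
Write-Host "-------------------"

# Id is the value looked up in Required/AvailableSecurityProperties; Subject is
# the start of the sentence, including the verb so plural names read correctly.
$securityProperties = @(
    @{ Id = 1; Subject = 'Hypervisor support is' }
    @{ Id = 2; Subject = 'Secure Boot is' }
    @{ Id = 3; Subject = 'DMA protection is' }
    @{ Id = 4; Subject = 'Secure Memory Overwrite is' }
    @{ Id = 5; Subject = 'NX protection is' }
    @{ Id = 6; Subject = 'SMM mitigations are' }
    @{ Id = 7; Subject = 'Mode Based Execution Control is' }
)

foreach ($property in $securityProperties) {
    $isRequired  = $result.RequiredSecurityProperties -contains $property.Id
    $isAvailable = $result.AvailableSecurityProperties -contains $property.Id

    if ($isRequired -and $isAvailable) {
        $state = 'required and available.'
        $color = 'Green'
    }
    elseif ($isRequired) {
        # Required by configuration but not offered by the platform.
        $state = 'required but not available.'
        $color = 'Red'
    }
    elseif ($isAvailable) {
        $state = 'available.'
        $color = 'Cyan'
    }
    else {
        $state = 'neither available nor required.'
        $color = 'Gray'
    }

    Write-Host "`t$($property.Subject) $state" -ForegroundColor $color
}

# Newer Windows builds may report ids this script has no name for. List them
# instead of dropping them silently; 0 is skipped because it stands for "none".
$knownPropertyIds = $securityProperties | ForEach-Object { $_.Id }
$unknownPropertyIds = @(
    @($result.RequiredSecurityProperties) + @($result.AvailableSecurityProperties) |
        Where-Object { $null -ne $_ -and $_ -ne 0 -and $knownPropertyIds -notcontains $_ } |
        Sort-Object -Unique
)
if ($unknownPropertyIds.Count -gt 0) {
    Write-Host "`tUnrecognized security property id(s) reported: $($unknownPropertyIds -join ', ')" -ForegroundColor Yellow
}

Write-Host
Write-Host "Security Services"
Write-Host "-----------------"

$securityServices = @(
    @{ Id = 1; Name = 'Windows Defender Credential Guard' }
    @{ Id = 2; Name = 'HVCI' }
    @{ Id = 3; Name = 'System Guard Secure Launch' }
)

foreach ($service in $securityServices) {
    $isConfigured = $result.SecurityServicesConfigured -contains $service.Id
    $isRunning    = $result.SecurityServicesRunning -contains $service.Id

    if ($isConfigured -and $isRunning) {
        $state = 'configured and running.'
        $color = 'Green'
    }
    elseif ($isConfigured) {
        # Configured but not running is the case to investigate first: the
        # protection was requested and is not in effect.
        $state = 'configured but not running.'
        $color = 'Red'
    }
    elseif ($isRunning) {
        # NOTE(review): "UEFI lock" is the original author's reading of
        # "running without being configured". Nothing queried here reports the
        # lock state itself, so treat the label as a hint and confirm it.
        $state = 'running. (UEFI lock)'
        $color = 'Magenta'
    }
    else {
        $state = 'not configured.'
        $color = 'Gray'
    }

    Write-Host "`t$($service.Name) is $state" -ForegroundColor $color
}

# Same treatment as for the properties: surface service ids without a known name.
$knownServiceIds = $securityServices | ForEach-Object { $_.Id }
$unknownServiceIds = @(
    @($result.SecurityServicesConfigured) + @($result.SecurityServicesRunning) |
        Where-Object { $null -ne $_ -and $_ -ne 0 -and $knownServiceIds -notcontains $_ } |
        Sort-Object -Unique
)
if ($unknownServiceIds.Count -gt 0) {
    Write-Host "`tUnrecognized security service id(s) reported: $($unknownServiceIds -join ', ')" -ForegroundColor Yellow
}

Write-Host
Write-Host "Virtualization Based Security Status"
Write-Host "------------------------------------"
switch ($result.VirtualizationBasedSecurityStatus)
{
    0 { Write-Host "`tVBS is not enabled." -ForegroundColor Yellow }
    1 { Write-Host "`tVBS is enabled but not running." -ForegroundColor Red }
    2 { Write-Host "`tVBS is enabled and running." -ForegroundColor Green }
    # Without this branch an unexpected or missing value prints nothing, which
    # is easy to overlook in a status report.
    default { Write-Host "`tVBS status value '$_' is not recognized." -ForegroundColor Yellow }
}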