PENTING: Artikel yang berisi contoh skrip ini telah dihentikan. Mulai dari pembaruan Windows yang dirilis pada dan setelah 12 Mei 2026, contoh skrip terletak di folder %systemroot%\SecureBoot\ExampleRolloutScripts di perangkat Anda.
Salin dan tempelkan contoh skrip ini dan ubah sesuai kebutuhan untuk lingkungan Anda:
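<#
.SYNOPSIS
    Enables the Secure Boot Update scheduled task.

.DESCRIPTION
    Ensures that the Windows Secure Boot Update scheduled task
    (\Microsoft\Windows\PI\Secure-Boot-Update) is enabled. If the task is
    disabled, the script enables it. If the task has been deleted, the script
    can recreate it.

.PARAMETER Action
    The action to perform. Valid values: check, enable, create
    - check:  Only check the task status
    - enable: (default) Enable the task if it is disabled. If the task is
              missing, prompt to create it.
    - create: Create the task if it does not exist

.PARAMETER ComputerName
    Optional. Array of computer names on which to check/enable the task.
    If not specified, the script runs against the local machine.

.PARAMETER Credential
    Optional. Credential used for remote computer access.

.PARAMETER Quiet
    Suppresses prompts and automatically answers Yes. Useful for automation.

.EXAMPLE
    .\Enable-SecureBootTask.ps1
    # Enables the task on the local computer

.EXAMPLE
    .\Check-SecureBootScheduledTask.ps1 enable
    # Enables the task if it is disabled. Prompts to create it if missing.

.EXAMPLE
    .\Check-SecureBootScheduledTask.ps1 create
    # Creates the task if it was deleted, then checks its status

.EXAMPLE
    .\Check-SecureBootScheduledTask.ps1 check -ComputerName "PC1", "PC2"
    # Checks the task on remote machines

.NOTES
    Requires administrator privileges to enable or create the task.
    Task path: \Microsoft\Windows\PI\Secure-Boot-Update
    The task runs under taskhostw.exe every 12 hours with elevated privileges.

    This listing was reconstructed from a machine-translated copy in which
    PowerShell keywords, operators and property names had been translated.
    Compare it with the copy under %systemroot%\SecureBoot\ExampleRolloutScripts
    before using it in production.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Position = 0)]
    [ValidateSet('check', 'enable', 'create', '')]
    [string]$Action = 'enable',

    [Parameter()]
    [string[]]$ComputerName,

    [Parameter()]
    [PSCredential]$Credential,

    # NOTE(review): the aliases appeared as translated words on the page;
    # 'Force' and 'Silent' are the presumed originals - confirm against the
    # shipped script.
    [Parameter()]
    [Alias('Force', 'Silent')]
    [switch]$Quiet
)

# Convert Action to switches for backward compatibility.
# An empty Action leaves both switches off, i.e. a status check only.
$Enable = $Action -eq 'enable'
$Create = $Action -eq 'create'

# Download URL: https://aka.ms/getsecureboot -> "Deployment and Monitoring Samples"
# Note: This script runs on endpoints to enable the Secure Boot Update task.

$TaskPath = '\Microsoft\Windows\PI\'
$TaskName = 'Secure-Boot-Update'

# Returns $true when $Computer names the machine the script is running on.
function Test-IsLocalTarget {
    [CmdletBinding()]
    param(
        [string]$Computer
    )

    return ($Computer -eq $env:COMPUTERNAME -or $Computer -eq 'localhost' -or $Computer -eq '.')
}

# Builds the common Invoke-Command arguments for a remote target.
# The script-level -Credential is forwarded when the caller supplied one;
# without this the documented parameter would be silently ignored and the
# remote call would always use the caller's own identity.
function Get-RemoteInvokeParameter {
    [CmdletBinding()]
    param(
        [string]$Computer
    )

    $invokeParams = @{
        ComputerName = $Computer
        ErrorAction  = 'Stop'
    }
    if ($Credential) {
        $invokeParams['Credential'] = $Credential
    }
    return $invokeParams
}

# Queries the Secure Boot Update task on one computer.
# Returns a PSCustomObject with ComputerName, TaskExists, TaskState, IsEnabled,
# LastRunTime, NextRunTime and Error. A missing task is reported as
# TaskExists = $false, not as an error; Error is set only when the query
# itself throws (for example, the remote session cannot be opened).
function Get-SecureBootTaskStatus {
    [CmdletBinding()]
    param(
        [string]$Computer = $env:COMPUTERNAME
    )

    $result = [PSCustomObject]@{
        ComputerName = $Computer
        TaskExists   = $false
        TaskState    = $null
        IsEnabled    = $false
        LastRunTime  = $null   # never populated: the non-verbose schtasks query used here is not read for it
        NextRunTime  = $null
        Error        = $null
    }

    try {
        $isLocal = Test-IsLocalTarget -Computer $Computer

        if ($isLocal) {
            # Use schtasks.exe for more reliable task detection
            $queryOutput = schtasks.exe /Query /TN "$TaskPath$TaskName" /FO CSV 2>&1
            $queryExit = $LASTEXITCODE
        }
        else {
            # Remote computer - use Invoke-Command with schtasks
            $invokeParams = Get-RemoteInvokeParameter -Computer $Computer
            $remoteResult = Invoke-Command @invokeParams -ScriptBlock {
                param($fullTaskName)
                $output = schtasks.exe /Query /TN $fullTaskName /FO CSV 2>&1
                @{
                    ExitCode = $LASTEXITCODE
                    Output   = $output
                }
            } -ArgumentList "$TaskPath$TaskName"
            $queryOutput = $remoteResult.Output
            $queryExit = $remoteResult.ExitCode
        }

        if ($queryExit -ne 0) {
            # Task not found is not an error - it just means the task does not exist
            return $result
        }

        # Parse the CSV output. Only the first row is used, so the property
        # reads below stay scalar if schtasks emits more than one row.
        $taskData = $queryOutput | ConvertFrom-Csv | Select-Object -First 1
        if ($taskData) {
            $result.TaskExists = $true
            $result.TaskState = $taskData.Status
            # NOTE(review): schtasks.exe output follows the display language;
            # the 'Ready'/'Running' values and the 'Next Run Time' header are
            # the English forms - confirm behaviour on localized systems.
            $result.IsEnabled = ($taskData.Status -eq 'Ready' -or $taskData.Status -eq 'Running')

            # Next run time is parsed for the local machine only, as in the original flow.
            if ($isLocal -and $taskData.'Next Run Time' -and $taskData.'Next Run Time' -ne 'N/A') {
                try {
                    $result.NextRunTime = [DateTime]::Parse($taskData.'Next Run Time')
                }
                catch {
                    # Best effort: an unparseable date leaves NextRunTime as $null
                }
            }
        }
    }
    catch {
        $result.Error = $_.Exception.Message
    }

    return $result
}

# Recreates the Secure Boot Update task from the embedded XML definition.
# Returns a hashtable with Success ($true/$false) and Error (message or $null).
# When ShouldProcess declines (-WhatIf), Success stays $false and Error $null.
function New-SecureBootTask {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Computer = $env:COMPUTERNAME
    )

    $success = $false
    $errorMsg = $null

    # Task definition - matches the original Windows Secure Boot Update task.
    # Uses a ComHandler with the SBServicing class, running as LocalSystem.
    # A single-quoted here-string keeps the $(@%SystemRoot%...) resource
    # references literal, so nothing in the XML is expanded by PowerShell.
    # This definition registers a task that runs as SYSTEM: review any edit to
    # the principal, class id or security descriptor before deploying it.
    $taskXml = @'
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.6" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2012-02-07T16:39:20</Date>
    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>
    <Source>$(@%SystemRoot%\system32\TpmTasks.dll,-601)</Source>
    <Author>$(@%SystemRoot%\system32\TpmTasks.dll,-600)</Author>
    <Description>$(@%SystemRoot%\system32\TpmTasks.dll,-604)</Description>
    <URI>\Microsoft\Windows\PI\Secure-Boot-Update</URI>
  </RegistrationInfo>
  <Principals>
    <Principal id="LocalSystem">
      <UserId>S-1-5-18</UserId>
    </Principal>
  </Principals>
  <Settings>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <StartWhenAvailable>true</StartWhenAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
  </Settings>
  <Triggers>
    <BootTrigger>
      <Delay>PT5M</Delay>
      <Repetition>
        <Interval>PT12H</Interval>
      </Repetition>
    </BootTrigger>
  </Triggers>
  <Actions Context="LocalSystem">
    <ComHandler>
      <ClassId>{5014B7C8-934E-4262-9816-887FA745A6C4}</ClassId>
      <Data><![CDATA[SBServicing]]></Data>
    </ComHandler>
  </Actions>
</Task>
'@

    try {
        if (Test-IsLocalTarget -Computer $Computer) {
            if ($PSCmdlet.ShouldProcess("$TaskPath$TaskName", "Create scheduled task")) {
                # Save the XML to a temp file and import it. The exit code is
                # captured right after schtasks, and the temp file is removed
                # even if writing or importing throws.
                $tempFile = [System.IO.Path]::GetTempFileName()
                try {
                    $taskXml | Out-File -FilePath $tempFile -Encoding Unicode -Force
                    $output = schtasks.exe /Create /TN "$TaskPath$TaskName" /XML $tempFile /F 2>&1
                    $exitCode = $LASTEXITCODE
                }
                finally {
                    Remove-Item -LiteralPath $tempFile -Force -ErrorAction SilentlyContinue
                }

                if ($exitCode -eq 0) {
                    $success = $true
                }
                else {
                    $errorMsg = $output -join " "
                }
            }
        }
        else {
            if ($PSCmdlet.ShouldProcess("$Computer\$TaskPath$TaskName", "Create scheduled task")) {
                $invokeParams = Get-RemoteInvokeParameter -Computer $Computer
                $result = Invoke-Command @invokeParams -ScriptBlock {
                    param($taskPath, $taskName, $xml)
                    $tempFile = [System.IO.Path]::GetTempFileName()
                    try {
                        $xml | Out-File -FilePath $tempFile -Encoding Unicode -Force
                        $output = schtasks.exe /Create /TN "$taskPath$taskName" /XML $tempFile /F 2>&1
                        $exitCode = $LASTEXITCODE
                    }
                    finally {
                        Remove-Item -LiteralPath $tempFile -Force -ErrorAction SilentlyContinue
                    }
                    @{ ExitCode = $exitCode; Output = $output }
                } -ArgumentList $TaskPath, $TaskName, $taskXml

                if ($result.ExitCode -eq 0) {
                    $success = $true
                }
                else {
                    $errorMsg = $result.Output -join " "
                }
            }
        }
    }
    catch {
        $errorMsg = $_.Exception.Message
    }

    return @{
        Success = $success
        Error   = $errorMsg
    }
}

# Enables the existing Secure Boot Update task on one computer.
# Returns a hashtable with Success ($true/$false) and Error (message or $null).
function Enable-SecureBootTask {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Computer = $env:COMPUTERNAME
    )

    $success = $false
    $errorMsg = $null

    try {
        if (Test-IsLocalTarget -Computer $Computer) {
            if ($PSCmdlet.ShouldProcess("$TaskPath$TaskName", "Enable scheduled task")) {
                $output = schtasks.exe /Change /TN "$TaskPath$TaskName" /ENABLE 2>&1
                if ($LASTEXITCODE -eq 0) {
                    $success = $true
                }
                else {
                    $errorMsg = $output -join " "
                }
            }
        }
        else {
            if ($PSCmdlet.ShouldProcess("$Computer\$TaskPath$TaskName", "Enable scheduled task")) {
                $invokeParams = Get-RemoteInvokeParameter -Computer $Computer
                $result = Invoke-Command @invokeParams -ScriptBlock {
                    param($fullTaskName)
                    $output = schtasks.exe /Change /TN $fullTaskName /ENABLE 2>&1
                    @{ ExitCode = $LASTEXITCODE; Output = $output }
                } -ArgumentList "$TaskPath$TaskName"

                if ($result.ExitCode -eq 0) {
                    $success = $true
                }
                else {
                    $errorMsg = $result.Output -join " "
                }
            }
        }
    }
    catch {
        $errorMsg = $_.Exception.Message
    }

    return @{
        Success = $success
        Error   = $errorMsg
    }
}

# Main execution
Write-Host ""
Write-Host "========================================" -ForegroundColor Cyan
Write-Host " Secure Boot Update Task Enabler" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host ""
Write-Host "Tugas: $TaskPath$TaskName" -ForegroundColor Gray
Write-Host ""

# Determine target computers
$targets = if ($ComputerName) { $ComputerName } else { @($env:COMPUTERNAME) }

$results = @()

foreach ($computer in $targets) {
    Write-Host "Memeriksa: $computer" -ForegroundColor Yellow
    $status = Get-SecureBootTaskStatus -Computer $computer

    if ($status.Error) {
        Write-Host " Kesalahan: $($status.Error)" -ForegroundColor Red
    }
    elseif (-not $status.TaskExists) {
        Write-Host " Tugas tidak ada pada sistem ini" -ForegroundColor Red

        # Create if requested, or prompt when 'enable' was specified
        $shouldCreate = $Create
        if (-not $shouldCreate -and $Enable) {
            Write-Host ""
            Write-Host " Tugas mungkin telah dihapus." -ForegroundColor Yellow
            if ($Quiet) {
                # -Quiet answers Yes on the operator's behalf for every target
                Write-Host " Tugas pembuatan otomatis (mode Diam)" -ForegroundColor Cyan
                $shouldCreate = $true
            }
            else {
                $confirm = Read-Host " Apakah Anda ingin membuat ulang tugas? (Y/N)"
                # -eq is case-insensitive, so this accepts both 'Y' and 'y'
                if ($confirm -eq 'Y') {
                    $shouldCreate = $true
                }
            }
        }

        if ($shouldCreate) {
            Write-Host " Membuat tugas..." -ForegroundColor Yellow
            $createResult = New-SecureBootTask -Computer $computer
            if ($createResult.Success) {
                Write-Host " Tugas berhasil dibuat" -ForegroundColor Green
                # Re-check the status so the reported state reflects the new task
                $status = Get-SecureBootTaskStatus -Computer $computer
                if ($status.TaskExists) {
                    $stateColor = if ($status.IsEnabled) { "Green" } else { "Red" }
                    Write-Host " Status: $($status.TaskState)" -ForegroundColor $stateColor
                }
            }
            else {
                Write-Host " Gagal membuat: $($createResult.Error)" -ForegroundColor Red
            }
        }
    }
    else {
        $stateColor = if ($status.IsEnabled) { "Green" } else { "Red" }
        Write-Host " Status: $($status.TaskState)" -ForegroundColor $stateColor

        if ($status.LastRunTime -and $status.LastRunTime -ne [DateTime]::MinValue) {
            Write-Host " Last Run: $($status.LastRunTime)" -ForegroundColor Gray
        }
        if ($status.NextRunTime -and $status.NextRunTime -ne [DateTime]::MinValue) {
            Write-Host " Next Run: $($status.NextRunTime)" -ForegroundColor Gray
        }

        # Enable if requested and currently disabled
        if ($Enable -and -not $status.IsEnabled) {
            Write-Host " Mengaktifkan tugas..." -ForegroundColor Yellow
            $enableResult = Enable-SecureBootTask -Computer $computer
            if ($enableResult.Success) {
                Write-Host " Tugas berhasil diaktifkan" -ForegroundColor Green
                # Re-check the status after enabling
                $status = Get-SecureBootTaskStatus -Computer $computer
            }
            else {
                Write-Host " Gagal mengaktifkan: $($enableResult.Error)" -ForegroundColor Red
            }
        }
        elseif ($Enable -and $status.IsEnabled) {
            Write-Host " Tugas sudah diaktifkan" -ForegroundColor Green
        }
    }

    $results += $status
    Write-Host ""
}

# Summary
Write-Host "========================================" -ForegroundColor Cyan
Write-Host " Ringkasan" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan

# @(...) forces an array so .Count is a number even when the filter matches
# exactly one object or none (a lone PSCustomObject has no Count in
# Windows PowerShell 5.1).
$enabled = @($results | Where-Object { $_.IsEnabled }).Count
$disabled = @($results | Where-Object { $_.TaskExists -and -not $_.IsEnabled }).Count
$notFound = @($results | Where-Object { -not $_.TaskExists }).Count
$errors = @($results | Where-Object { $_.Error }).Count

Write-Host "Total Checked: $($results.Count)"
Write-Host "Diaktifkan: $enabled" -ForegroundColor Green
if ($disabled -gt 0) { Write-Host "Disabled: $disabled" -ForegroundColor Red }
if ($notFound -gt 0) { Write-Host "Not Found: $notFound" -ForegroundColor Yellow }
if ($errors -gt 0) { Write-Host "Errors: $errors" -ForegroundColor Red }

# Return results for pipeline
$results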