function DoesHostHaveNoAttestationProblems
{
param($hostComputerName)
$WbemLocator = New-Object -ComObject "WbemScripting.SWbemLocator"
$error.Clear()
$wbemService = $WbemLocator.ConnectServer($hostComputerName, "root\Microsoft\Windows\Hgs")
if($error -ne $null -and $error.Count -gt 0)
{
#Failing to find the WMI namespace means that the HGS client feature is not installed. This does not mean that there is a problem.
$error.Clear()
return $true
}
else
{
$clientConfig = Invoke-CimMethod -ClassName MSFT_HgsClientConfiguration -Namespace "root\Microsoft\Windows\Hgs" -MethodName "Get" -ComputerName $hostComputerName
#If the serverurl and Protectionserverurl are both not populated OR if they are populated and isHostguarded returns true then we know we are good
#bug fix 9107289
$attestationServerUrl = $clientConfig.cmdletOutput.AttestationServerUrl
$keyProtectionServerUrl = $clientConfig.cmdletOutput.KeyProtectionServerUrl
return ((($attestationServerUrl -eq "" -or $attestationServerUrl -eq $null ) -and ($keyProtectionServerUrl -eq "" -or $keyProtectionServerUrl -eq $null) ) -or $clientConfig.cmdletOutput.IsHostGuarded)
}
}
$momApi = new-Object -comObject "Mom.ScriptAPI"
$momBag = $momApi.CreatePropertyBag()
$hostComputerName =$HostComputerName
if($hostComputerName -eq $null)
{
$momApi.LogScriptEvent("CheckAttestationState.ps1",101,1,"CheckAttestationState was called with an invalid computer name and was not executed.")
$momBag.AddValue("HasNoAttestationProblem", $false)
}
else
{
$hasNoAttestationProblems = DoesHostHaveNoAttestationProblems($hostComputerName)
if($Error -ne $null -and $Error.Count -gt 0)
{
$hasNoAttestationProblems = $false;
}
if($hasNoAttestationProblems -eq $false)
{
$momApi.LogScriptEvent("CheckAttestationState.ps1", 101, 0, "Host " + $hostComputerName + " has a problem with attestation.")
}
$momBag.AddValue("HasNoAttestationProblem", $hasNoAttestationProblems)
Home
ENU