Aria Operations (vROPs) can report how many Secure Boot enabled VMs you have

There was a recent Microsoft Windows Update released for Windows Server 2022, when applied to VMs that have Secure Boot enabled, on reboot the VM boots directly into the BIOS and never hits the OS bootloader.

This not only posed a challenge but there are environments that may have couple of hundred VMs to a few thousands. For those those customers that have entitlement to Aria Operations or Aria Operations Cloud (formerly vRealize Operations) customers can generate a inventory report of VMs that contain that value with a few customizations.

Before I get into the steps I have to give credit to Brock Peterson for showing me the ropes on this. Check out his personal blog BrockPeterson.com.

In this example I’m running vROps 8.10.2 on-prem. The first step will be to modify the existing Active policy. From the vROps homepage go to Configure >> Policies. From here you should see the name of the default policy that comes out the box when you install vROps. Also notice the ‘Status’ column and it’s labeled as ‘Active’

From here you have two options in how you want to get to the edit. For the first option you can edit the entire policy by clicking ‘Edit Policy’


If you know which part of the policy you want to modify, you can click on the individual setting from within the policy itself

We will select ‘Metrics and Properties’

Begin typing ‘Virtual Machine’ and select the first one that says ‘Virtual Machine’

The following Metrics and Properties relating to Virtual Machines will appear, you can drill down and find the desired setting or you can even use a filter option.

From Properties>>Configuration>>Security>> ‘EFI Secure Boot enabled’ by default is set to ‘Deactivated’, click on the drop-down menu and select ‘Activated’

Click ‘Save’ and exit out, you may want to wait 5-10 minutes for vSphere to perform a collection an scan of the objects.

The next step will be adding the newly activated property to a ‘View’ so that we can generate a report that contains that modified View.

Click on the ellipses to open a menu and select ‘Edit’

When the Edit View appears, you want to go to ‘2. Data’ section and in step 2 you can either perform a keyword search or drill down the options.

From there on Step 3 highlight the property and drag it into the existing View and place it in your desired location. I personally chose to have it come after ‘Hardware Version’

In the ‘Configuration’ section, the ‘Metric name’ is the default name, however you can choose to change it in the ‘Metric label’

Click ‘Update’

In the Preview Source you will see a sample of the report with your data already generated.

Now you can go to the ‘Reports’ section and find the ‘Inventory Report – Virtual Machines’ and run the report.

In the following example, this is a preview of the PDF version of the report. However you can export to CSV and help track those VMs and attend to any maintenance or troubleshooting.

Leave a Reply