MSFT_HgsClientConfiguration class
Describes the configuration of the Host Guardian Service Client.
The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.
[dynamic, provider("HgsClientWmi"), ClassVersion("1.0"), AMENDMENT]
class MSFT_HgsClientConfiguration
{
uint16 Mode;
boolean IsHostGuarded;
string KeyProtectionServerUrl;
string AttestationServerUrl;
uint16 AttestationOperationMode;
uint16 AttestationStatus;
uint64 AttestationSubstatus;
};
The MSFT_HgsClientConfiguration class has these types of members:
The MSFT_HgsClientConfiguration class has these methods.
Method | Description |
---|---|
Get | Retrieves the local Host Guardian Service configuration. |
SetByChangeToLocalMode | Modifies the configuration of the Host Guardian Service Client. |
SetBySecureHostingServiceMode | Modifies the configuration of the Host Guardian Service Client. |
The MSFT_HgsClientConfiguration class has these properties.
-
AttestationOperationMode
-
-
Data type: uint16
-
Access type: Read-only
Indicates the attestation mode.
The possible values are.
-
-
0
-
The attestation mode is unknown.
-
1
-
The attestation mode is TPM-based.
-
2
-
The attestation mode is AD-based.
AttestationServerUrl
-
Data type: string
-
Access type: Read-only
URL for the attestation server.
AttestationStatus
-
Data type: uint16
-
Access type: Read-only
Indicates the attestation status.
0
Attestation is not configured.
1
No attestation has been attempted.
100
Last attestation attempt passed and the health cert is valid.
200
Last attestation attempt passed but the health cert has expired.
300
Last attestation attempt failed with a retriable error.
301
Last attestation attempt failed due to host not authorized on the fabric.
302
Last attestation attempt failed due to a TPM related error.
303
Last attestation attempt failed due to an insecure host configuration.
AttestationSubstatus
-
Data type: uint64
-
Access type: Read-only
Bitfield that indicates the attestation substatus.
0
No information is available.
1
One or more secure boot configurations are insecure.
2
One or more debug modes are enabled.
4
Code integrity policy is insecure.
IsHostGuarded
-
Data type: boolean
-
Access type: Read-only
True if the VM host is guarded,
KeyProtectionServerUrl
-
Data type: string
-
Access type: Read-only
URL for the key protection server.
Mode
-
Data type: uint16
-
Access type: Read-only
Gets the mode.
The possible values are.
Unknown (0)
Local Mode (1)
Secure Hosting Service Mode (2)
Minimum supported client |
Windows 10 [desktop apps only] |
Minimum supported server |
Windows Server 2016 |
Namespace |
Root\Microsoft\Windows\Hgs |
MOF |
|
DLL |
|