Run the below function to view an output similar to this:
BTIHardwarePresent : True -> apply OEM BIOS/firmware update
BTIWindowsSupportPresent : True -> install January 2018 update
BTIWindowsSupportEnabled : True -> On server, follow guidance https://support.microsoft.com/help/4072698
BTIDisabledBySystemPolicy : False -> ensure not disabled by policy. False is expected
BTIDisabledByNoHardwareSupport : False -> ensure OEM BIOS/firmware update is applied.
BTIKernelRetpolineEnabled : True
BTIKernelImportOptimizationEnabled : True
KVAShadowRequired : True -> no action, this is a function of the CPU the computer uses
KVAShadowWindowsSupportPresent : True -> install January 2018 update
KVAShadowWindowsSupportEnabled : True -> On server, follow guidance https://support.microsoft.com/help/4072698
KVAShadowPcidEnabled : True -> no action , this is a function of the CPU the computer uses
SSBDWindowsSupportPresent : True -> install Windows updates as documented in adv180012 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
SSBDHardwareVulnerable : True
SSBDHardwarePresent : True -> install BIOS/firmware update with support for SSBD from your device OEM
SSBDWindowsSupportEnabledSystemWide : False -> follow recommended actions to turn on SSBD https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
Source: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
function checkSpeculationControls($computer=$env:computername){
$command={
# Interpretations of output: https://support.microsoft.com/en-us/help/4074629/understanding-the-output-of-get-speculationcontrolsettings-powershell
#$originalExecutionPolicy = Get-ExecutionPolicy
#Set-ExecutionPolicy RemoteSigned -Scope Currentuser
if(!(Get-command Get-SpeculationControlSettings -ea SilentlyContinue)){
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
if(!(Get-Module nuget)){
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
}
Install-Module SpeculationControl -force
}
#Set-ExecutionPolicy $originalExecutionPolicy -Scope Currentuser
return Get-SpeculationControlSettings
}
invoke-command -ComputerName $computer -ScriptBlock $command
}