The Secure Boot feature in Windows 11/10/8.1/8 assures users that their PC boots using only firmware that is trusted by the manufacturer and no one else. So, if there are any incorrect configurations, end users might be presented with a SecureBoot isn’t Configured Correctly watermark in the bottom right corner of the desktop.
Why does this feature matter? When Secure Boot is activated on a PC, the PC checks each piece of software, including the option ROMs, UEFI drivers, UEFI apps, and the operating system, against databases of known-good signatures maintained in the firmware. If each piece of software is valid, the firmware runs the software and the operating system. Unauthorized software such as rootkits is prevented from running.
So if you see the Secure Boot isn’t configured correctly watermark on the desktop, it probably indicates that the Windows Secure Boot feature has either been disabled or hasn’t been set up on your PC. The problem was not widely known until early Windows adopters started switching to the latest Windows 8.1 update available for free from the Windows Store.
Secure Boot isn’t configured correctly in Windows
A handful of users started getting the Secure Boot Isn’t Configured Correctly message after upgrading to a newer Windows version. Even though no workaround has been made available right now, Microsoft offers a few instructions to get the problem fixed.
First, you need to check to see if Secure Boot has been disabled in the BIOS, and in case it is, re-enable it. Then, you should try resetting the BIOS back to factory settings, and in case this doesn’t work, you could try resetting your PC back to factory state and then re-enable Secure Boot.
Disable or Enable Secure Boot in Windows
While I do not recommend that you disable Secure Boot, you can do so by changing your BIOS settings if the option is present on your system. Using Advanced Options in Windows, click on UEFI Firmware Settings and restart your PC. In the BIOS settings screen, in your motherboard's UEFI settings, you will see the option to enable or disable Secure Boot, somewhere under the Security section.
View and Check the Event Viewer
To find out the possible reasons, you could check out the Windows Logs. The Windows Event Viewer shows a log of application and system messages – errors, information messages, and warnings.
- Go to View Event Logs > Applications and Services Logs
- Next, choose Microsoft from the right pane and then Windows.
- Now, under Microsoft, select the Windows folder and search for VerifyHardwareSecurity > Admin.
Then, look for either of these logged events:
- Secure Boot is currently disabled. Please enable Secure Boot through the system firmware. (The PC is in UEFI mode, and Secure Boot is disabled.) or
- A non-production Secure Boot Policy was detected. Remove Debug/PreRelease policy through the system firmware. (The PC has a non-production policy.)
You can also use PowerShell commands to check the status.
To see if Secure Boot is disabled, use the PowerShell command: Confirm-SecureBootUEFI. You’ll get one of these responses:
- True: Secure Boot is enabled, and the watermark won’t appear.
- False: Secure Boot is disabled, and a watermark will appear.
- Cmdlet not supported on this platform: The PC may not support Secure Boot, or the PC may be configured in legacy BIOS mode. The watermark won’t appear.
To see if you have a non-production policy installed, use the PowerShell command: Get-SecureBootPolicy. You’ll get one of these responses:
- {77FA9ABD-0359-4D32-BD60-28F4E78F784B}: The correct Secure Boot policy is in place.
- Any other GUID: A non-production Secure Boot policy is in place.
- Secure Boot policy is not enabled on this machine: The PC may not support Secure Boot, or the PC may be configured in legacy BIOS mode. The watermark won’t appear.
Source: TechNet.
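The two cmdlet checks and the event log lookup described above can be combined into one report. This is an added example, not code from the original article or from Microsoft; the function name is hypothetical, and the channel name Microsoft-Windows-VerifyHardwareSecurity/Admin is an assumption derived from the Event Viewer path given above. Run it from an elevated PowerShell session.

```powershell
# Added example. The production policy GUID is the one listed on this page.
$ProductionPolicy = [guid]'77FA9ABD-0359-4D32-BD60-28F4E78F784B'
# Assumed channel name for Microsoft > Windows > VerifyHardwareSecurity > Admin.
$LogName = 'Microsoft-Windows-VerifyHardwareSecurity/Admin'

function Get-SecureBootWatermarkCause {   # hypothetical helper name
    $r = [ordered]@{
        SecureBoot        = $null   # Enabled / Disabled / Unavailable
        Policy            = $null   # Production / NonProduction / Unavailable
        PolicyPublisher   = $null
        WatermarkExpected = $false
        RecentEvents      = @()
    }

    # Returns True or False; throws on legacy BIOS or unsupported hardware,
    # in which case the watermark is not expected.
    try {
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $r.SecureBoot = if ($enabled) { 'Enabled' } else { 'Disabled' }
        if (-not $enabled) { $r.WatermarkExpected = $true }
    } catch {
        $r.SecureBoot = "Unavailable: $($_.Exception.Message)"
    }

    # Any publisher GUID other than the production one means a
    # debug/pre-release policy is installed.
    try {
        $policy = Get-SecureBootPolicy -ErrorAction Stop
        $r.PolicyPublisher = [guid]$policy.Publisher
        if ($r.PolicyPublisher -eq $ProductionPolicy) {
            $r.Policy = 'Production'
        } else {
            $r.Policy = 'NonProduction'
            $r.WatermarkExpected = $true
        }
    } catch {
        $r.Policy = "Unavailable: $($_.Exception.Message)"
    }

    # Latest entries from the log the Event Viewer steps point to.
    $r.RecentEvents = @(Get-WinEvent -LogName $LogName -MaxEvents 5 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message)

    [pscustomobject]$r
}

Get-SecureBootWatermarkCause | Format-List
```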
How do I fix Secure Boot isn’t configured correctly?
To fix the Secure Boot isn’t configured correctly error, you need to enable Secure Boot from BIOS. Depending upon the motherboard, you can find this setting in different locations. However, almost all modern-day motherboards come with the Secure Boot switch so that users can enable or disable the setting when needed.
How do you fix Secure Boot isn’t configured correctly Insider Build?
To fix the Secure Boot isn’t configured correctly error on Build 9600, you must enable the Secure Boot setting from the BIOS. If it is already enabled on your computer, you need to verify whether your PC detects the change or not. For that, you can open Event Viewer and go to Applications and Services Logs. Here you can find the Windows folder under Microsoft. Then, expand the VerifyHardwareSecurity section and click on the Admin option. Here it shows whether Secure Boot is turned on or off.
NOTE: Microsoft has released an Update – KB2902864, which removes the “Windows Secure Boot isn’t configured correctly” watermark.