MSFT_HgsClientConfiguration class

Describes the configuration of the Host Guardian Service Client.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

[dynamic, provider("HgsClientWmi"), ClassVersion("1.0"), AMENDMENT]
class MSFT_HgsClientConfiguration
{
  uint16  Mode;
  boolean IsHostGuarded;
  string  KeyProtectionServerUrl;
  string  AttestationServerUrl;
  uint16  AttestationOperationMode;
  uint16  AttestationStatus;
  uint64  AttestationSubstatus;
};

Members

The MSFT_HgsClientConfiguration class has these types of members:

• Methods
• Properties

Methods

The MSFT_HgsClientConfiguration class has these methods.

Method	Description
Get	Retrieves the local Host Guardian Service configuration.
SetByChangeToLocalMode	Modifies the configuration of the Host Guardian Service Client.
SetBySecureHostingServiceMode	Modifies the configuration of the Host Guardian Service Client.

Properties

The MSFT_HgsClientConfiguration class has these properties.

AttestationOperationMode

Data type: uint16

Access type: Read-only

Indicates the attestation mode.

The possible values are.

0

The attestation mode is unknown.

1

The attestation mode is TPM-based.

2

The attestation mode is AD-based.

AttestationServerUrl

Data type: string

Access type: Read-only

URL for the attestation server.

AttestationStatus

Data type: uint16

Access type: Read-only

Indicates the attestation status.

0

Attestation is not configured.

1

No attestation has been attempted.

100

Last attestation attempt passed and the health cert is valid.

200

Last attestation attempt passed but the health cert has expired.

300

Last attestation attempt failed with a retriable error.

301

Last attestation attempt failed due to host not authorized on the fabric.

302

Last attestation attempt failed due to a TPM related error.

303

Last attestation attempt failed due to an insecure host configuration.

AttestationSubstatus

Data type: uint64

Access type: Read-only

Bitfield that indicates the attestation substatus.

0

No information is available.

1

One or more secure boot configurations are insecure.

2

One or more debug modes are enabled.

4

Code integrity policy is insecure.

IsHostGuarded

Data type: boolean

Access type: Read-only

True if the VM host is guarded,

KeyProtectionServerUrl

Data type: string

Access type: Read-only

URL for the key protection server.

Mode

Data type: uint16

Access type: Read-only

Gets the mode.

The possible values are.

Unknown (0)

Local Mode (1)

Secure Hosting Service Mode (2)

Requirements

Minimum supported client	Windows 10 [desktop apps only]
Minimum supported server	Windows Server 2016
Namespace	Root\Microsoft\Windows\Hgs
MOF	HgsClientWmi.mof
DLL	HgsClientWmi.dll

See also

Host Guardian Service WMI Provider