function checkSecureBoot {
  if ((Get-Command Confirm-SecureBootUEFI -ErrorAction  SilentlyContinue) -ne $null) {
    try {
      return Confirm-SecureBootUEFI
    }
    catch {
      return $false
    }
  }
  return $false
}

if (CheckSecureBoot) {
  Write-Host "SecureBoot: ON" 
} else {
  Write-Host "SecureBoot: OFF"
  exit 0
}
if ((Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection").AllowTelemetry -eq "0") { 
  Write-Host "Current telemetory setting: disabled(0)." 
  #Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Value 1
  #Write-Host "Set telemetory setting: disabled(0) to required(1)." 
}
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" -Name "MicrosoftUpdateManagedOptIn" -Value 0x5944
  Write-Host "Allow feature automatic DB updates by Microsoft."
exit 0