[Bug]: Detect-SecureBootCertUpdateStatus.ps1 fails on valid OutputPath

[jcoester]

Is there an existing issue for this?

• I have searched existing issues

Current Behavior

I hope issues regarding C:\Windows\SecureBoot\ExampleRolloutScripts belong here.
If not, could you point me to the right team?

---

Local Testing (Sample Secure Boot E2E Automation Guide) instructs to test the script locally using following command:

& .\Detect-SecureBootCertUpdateStatus.ps1 -OutputPath "C:\Temp\SecureBootTest"`

Result: Invalid OutputPath specified, outputting to stdout

---

Cause: Detect-SecureBootCertUpdateStatus.ps1 does not accept filepaths that include :, like C:\

# Validate OutputPath - skip if it looks like a help request or has invalid chars
if ($OutputPath -match '^[/\-]' -or $OutputPath -match '[<>:"|?*]') {
    Write-Host "Invalid OutputPath specified, outputting to stdout" -ForegroundColor Yellow

Replacing the path C:\ with \\localhost\c$\ is accepted and generates the correct JSON file.

Expected Behavior

A valid OutputPath should be accepted and generate the JSON output.

& .\Detect-SecureBootCertUpdateStatus.ps1 -OutputPath "C:\Temp\SecureBootTest"`

Should Result: JSON saved to: C:\Temp\SecureBootTest\{Redacted}_latest.json

Steps To Reproduce

Current Workaround

cd C:\Windows\SecureBoot\ExampleRolloutScripts\

& .\Detect-SecureBootCertUpdateStatus.ps1 -OutputPath "C:\Temp\SecureBootTest" 

& .\Detect-SecureBootCertUpdateStatus.ps1 -OutputPath "\\localhost\c$\Temp\SecureBootTest" 

Result 1: Invalid OutputPath specified, outputting to stdout
Result 2: JSON saved to: \\localhost\c$\Temp\SecureBootTest\{Redacted}_latest.json

Build Environment

- OS(s): Windows 11 25H2 (Build 26200.8457) - May 12, 2026

Version Information

'C:\Windows\SecureBoot\ExampleRolloutScripts' not part of this repository yet.

Urgency

Low

Are you going to fix this?

Someone else needs to fix it

Do you need maintainer feedback?

No maintainer feedback needed

Anything else?

No response