|
|
|||||||
I have found these resources: http://msdn2.microsoft.com/en-us/library/aa376434(VS.85).aspx http://forensicir.blogspot.com/2007/03/detecting-bitlocker.html And here are the 2 scripts I wrote: VBS Code: strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption") Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume",,48) For Each objItem in colItems Wscript.Echo "DeviceID: " & objItem.DeviceID Wscript.Echo "DriveLetter: " & objItem.DriveLetter Wscript.Echo "EncryptionMethod: " & objItem.GetEncryptionMethod Wscript.Echo "ProtectionStatus: " & objItem.GetProtectionStatus Wscript.Echo "ConversionStatus: " & objItem.GetConversionStatus Next kix Code: $strComputer ='.' $objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\CIMV2\Security\MicrosoftVolumeEncryption") If not @error $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume") ? ubound($colItems) For Each $objItem in $colItems ? "-----------------------------------" ? "Bitlocker Encryptable Volumes" ? "-----------------------------------" ? "DeviceID: " + $objItem.DeviceID ? "DriveLetter: " + $objItem.DriveLetter ? "EncryptionMethod: " + $objItem.GetEncryptionMethod ? "ProtectionStatus: " + $objItem.GetProtectionStatus ? "ConversionStatus: " + $objItem.GetConversionStatus Next else ? 'error: '+@serror endif it connects, reports the deviceID and Driveletter, but the last 3 values always report 0 I've tested it on encrypted drives and unencrypted drives, all return the same results Help :-) |
||||||||
|
|
|||||||
Hi Rad - Glad to see you're still plugging away. Do you have a system with Bitlocker? Quote: BitLocker Drive Encryption Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers and in Windows Server 2008. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned. BitLocker Drive Encryption |
||||||||
|
|
|||||||
It is setup on our Vista Enterprise tablet image. It is prepartitioned and ready to encrypt. Due to security policy, we need to verify that the tech that did the final enduser config has actually turned it on and encrypted the drive. I keep busy with kix, last project was the SQL inventory service... kix script running as service that does hardware inventory and uploads data to SQL server. |
||||||||
|
|
|||||||
Is you inventory scripts posted? |
||||||||
|
|
|||||||
I haven't yet, but I can. I'll start another thread as to not hijack this one. However, one of the software items I want to inventory is bitlocker state... HINT HINT :-) |
||||||||
|
|
|||||||
Someone give me some love... Help, I'm drowning... gurg |
||||||||
|
|
|||||||
LOL - Would love to guy but I don't have a version of Vista that has it so can't even test it out for you. |
||||||||
|
|
|||||||
Originally Posted By: Radimus Someone give me some love... Help, I'm drowning... gurg I would hand it over if I had some but I got nothing for bitlocker |
||||||||
|
|
|||||||
Hi, Here is a vbScript that works; '<--- Begin Script ----------> dim retval, em , cs arrComputers = Array(".") For Each strComputer In arrComputers WScript.Echo WScript.Echo "==========================================" WScript.Echo "Computer: " & strComputer WScript.Echo "==========================================" Set objWMIService = GetObject("winmgmts:\\" & strComputer _ & "\root\CIMV2\Security\MicrosoftVolumeEncryption") Set volumes = objWMIService.InstancesOf("Win32_EncryptableVolume") for Each volume in volumes If volume.DriveLetter = "C:" then retval = volume.GetEncryptionMethod(em) retval1 = volume.GetConversonStatus(cs) WScript.Echo em & vbTab & cs End If Next '<-- End Script -----> If you get a 0 (zero) it's not encrypted, a 1 (one) means it is. Conversion status 1 means fully encrypted, 2 means it's in process |
||||||||
|
|
|||||||
Rad, I'm sorry but you are out of luck, GetEncryptionMethod and GetConversionStatus use OUT Parameters. Something KiX still doesn't support (and God know I've asked for it many times). |
||||||||
|
|
|||||||
Can you use the ExecMethod_ trick on this as with GetOwner in this post: http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Board=8&Number=90357 |