Radimus
(KiX Supporter)
2008-02-13 06:17 PM
Detect Bitlocker

I have found these resources:
http://msdn2.microsoft.com/en-us/library/aa376434(VS.85).aspx
http://forensicir.blogspot.com/2007/03/detecting-bitlocker.html

And here are the 2 scripts I wrote:
VBS
 Code:
strComputer = "." 
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption") 
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume",,48) 

For Each objItem in colItems
	Wscript.Echo "DeviceID: " & objItem.DeviceID
	Wscript.Echo "DriveLetter: " & objItem.DriveLetter
	Wscript.Echo "EncryptionMethod: " & objItem.GetEncryptionMethod
	Wscript.Echo "ProtectionStatus: " & objItem.GetProtectionStatus
	Wscript.Echo "ConversionStatus: " & objItem.GetConversionStatus
Next


kix
 Code:
$strComputer ='.'


$objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\CIMV2\Security\MicrosoftVolumeEncryption") 
If not @error
	$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume") 
? ubound($colItems)
	For Each $objItem in $colItems
		? "-----------------------------------"
		? "Bitlocker Encryptable Volumes"
		? "-----------------------------------"
		? "DeviceID: " + $objItem.DeviceID
		? "DriveLetter: " + $objItem.DriveLetter
		? "EncryptionMethod: " + $objItem.GetEncryptionMethod
		? "ProtectionStatus: " + $objItem.GetProtectionStatus
		? "ConversionStatus: " + $objItem.GetConversionStatus
	Next
else
	? 'error: '+@serror
endif


it connects, reports the deviceID and Driveletter, but the last 3 values always report 0

I've tested it on encrypted drives and unencrypted drives, all return the same results


Help :-)


NTDOC Administrator
(KiX Master)
2008-02-13 09:50 PM
Re: Detect Bitlocker

Hi Rad - Glad to see you're still plugging away.

Do you have a system with Bitlocker?

 Quote:
BitLocker Drive Encryption

Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers and in Windows Server 2008. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned.

BitLocker Drive Encryption


Radimus
(KiX Supporter)
2008-02-14 02:37 AM
Re: Detect Bitlocker

It is set up on our Vista Enterprise tablet image. It is prepartitioned and ready to encrypt.

Due to security policy, we need to verify that the tech that did the final end-user config has actually turned it on and encrypted the drive.


I keep busy with kix, last project was the SQL inventory service... kix script running as service that does hardware inventory and uploads data to SQL server.


brewdude6
(Hey THIS is FUN)
2008-02-20 03:32 PM
Re: Detect Bitlocker

Are your inventory scripts posted?

Radimus
(KiX Supporter)
2008-02-21 02:27 AM
Re: Detect Bitlocker

I haven't yet, but I can. I'll start another thread so as not to hijack this one.

However, one of the software items I want to inventory is bitlocker state...

HINT HINT :-)


Radimus
(KiX Supporter)
2008-02-25 06:23 PM
Re: Detect Bitlocker

Someone give me some love...

Help, I'm drowning... gurg


NTDOC Administrator
(KiX Master)
2008-02-25 07:48 PM
Re: Detect Bitlocker

LOL - Would love to, guy, but I don't have a version of Vista that has it so can't even test it out for you.

Mart
(KiX Supporter)
2008-02-26 02:15 PM
Re: Detect Bitlocker

 Originally Posted By: Radimus
Someone give me some love...

Help, I'm drowning... gurg


I would hand it over if I had some but I got nothing for bitlocker :(


OldDog
(Just in Town)
2009-05-06 11:12 PM
Re: Detect Bitlocker

Hi,

Here is a vbScript that works;

'<--- Begin Script ---------->
Dim retval, retval1, em, cs
arrComputers = Array(".")
For Each strComputer In arrComputers
	WScript.Echo
	WScript.Echo "=========================================="
	WScript.Echo "Computer: " & strComputer
	WScript.Echo "=========================================="

	' Connect to the BitLocker WMI provider on the target computer
	Set objWMIService = GetObject("winmgmts:\\" & strComputer _
		& "\root\CIMV2\Security\MicrosoftVolumeEncryption")
	Set volumes = objWMIService.InstancesOf("Win32_EncryptableVolume")

	For Each volume In volumes
		If volume.DriveLetter = "C:" Then
			' em and cs are OUT parameters filled in by the WMI methods;
			' retval/retval1 only hold the methods' return codes
			retval = volume.GetEncryptionMethod(em)
			retval1 = volume.GetConversionStatus(cs)
			WScript.Echo em & vbTab & cs
		End If
	Next
Next
'<-- End Script ----->


If you get a 0 (zero) it's not encrypted, a 1 (one) means it is.
Conversion status 1 means fully encrypted, 2 means it's in process


Arend_
(MM club member)
2009-05-07 09:07 AM
Re: Detect Bitlocker

Rad, I'm sorry but you are out of luck, GetEncryptionMethod and GetConversionStatus use OUT Parameters. Something KiX still doesn't support (and God knows I've asked for it many times).

Richard H. Administrator
(KiX Supporter)
2009-05-07 09:12 AM
Re: Detect Bitlocker

Can you use the ExecMethod_ trick on this as with GetOwner in this post: http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Board=8&Number=90357
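
The ExecMethod_ approach suggested above, applied to the original KiX script, as an added example that is not part of any post in this thread. It assumes KiX can call SWbemObject.ExecMethod_ with only the method name, as in the linked GetOwner post; the Label() helper, the value-name tables and the COMPLIANT rule (protection on and fully encrypted) are illustrative.

```kix
; Added example: read the BitLocker OUT parameters via ExecMethod_, which
; returns them as properties of an output object instead of by reference.
$strComputer = '.'
; Value names for the Win32_EncryptableVolume status codes (index = code)
$aConv = Split('FullyDecrypted,FullyEncrypted,EncryptionInProgress,DecryptionInProgress,EncryptionPaused,DecryptionPaused', ',')
$aMeth = Split('None,AES128+Diffuser,AES256+Diffuser,AES128,AES256', ',')

$objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\CIMV2\Security\MicrosoftVolumeEncryption")
If @ERROR
	? 'error: ' + @SERROR   ; namespace unavailable or access denied
	Exit 1
EndIf

$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume")
For Each $objItem In $colItems
	; Each call returns an object holding ReturnValue plus the OUT parameters
	$objProt = $objItem.ExecMethod_("GetProtectionStatus")
	$objConv = $objItem.ExecMethod_("GetConversionStatus")
	$objMeth = $objItem.ExecMethod_("GetEncryptionMethod")
	? "DriveLetter: " + $objItem.DriveLetter
	If $objProt.ReturnValue <> 0 Or $objConv.ReturnValue <> 0 Or $objMeth.ReturnValue <> 0
		? "  WMI method call failed; state unknown"
	Else
		$p = $objProt.ProtectionStatus   ; 0 = off, 1 = on
		$c = $objConv.ConversionStatus
		$m = $objMeth.EncryptionMethod
		? "  ProtectionStatus: " + $p
		? "  ConversionStatus: " + $c + " (" + Label($aConv, $c) + ")"
		? "  EncryptionMethod: " + $m + " (" + Label($aMeth, $m) + ")"
		; Illustrative policy: protection on AND volume fully encrypted
		If $p = 1 And $c = 1
			? "  Result: COMPLIANT"
		Else
			? "  Result: NOT COMPLIANT"
		EndIf
	EndIf
Next

; Hypothetical helper: map a status code to its name, 'unknown' if out of range
Function Label($aNames, $i)
	$Label = 'unknown'
	If $i >= 0 And $i <= UBound($aNames)
		$Label = $aNames[$i]
	EndIf
EndFunction
```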