#185317 - 2008-02-13 06:17 PM
Detect Bitlocker
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
I have found these resources:
http://msdn2.microsoft.com/en-us/library/aa376434(VS.85).aspx
http://forensicir.blogspot.com/2007/03/detecting-bitlocker.html
And here are the 2 scripts I wrote:
VBS
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption")
    Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume",,48)
    For Each objItem in colItems
        Wscript.Echo "DeviceID: " & objItem.DeviceID
        Wscript.Echo "DriveLetter: " & objItem.DriveLetter
        Wscript.Echo "EncryptionMethod: " & objItem.GetEncryptionMethod
        Wscript.Echo "ProtectionStatus: " & objItem.GetProtectionStatus
        Wscript.Echo "ConversionStatus: " & objItem.GetConversionStatus
    Next
kix
    $strComputer ='.'
    $objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\CIMV2\Security\MicrosoftVolumeEncryption")
    If not @error
        $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume")
        ? ubound($colItems)
        For Each $objItem in $colItems
            ? "-----------------------------------"
            ? "Bitlocker Encryptable Volumes"
            ? "-----------------------------------"
            ? "DeviceID: " + $objItem.DeviceID
            ? "DriveLetter: " + $objItem.DriveLetter
            ? "EncryptionMethod: " + $objItem.GetEncryptionMethod
            ? "ProtectionStatus: " + $objItem.GetProtectionStatus
            ? "ConversionStatus: " + $objItem.GetConversionStatus
        Next
    else
        ? 'error: '+@serror
    endif
It connects and reports the DeviceID and DriveLetter, but the last 3 values always report 0.
I've tested it on encrypted drives and unencrypted drives; all return the same results.
Help :-)
#185336 - 2008-02-14 02:37 AM
Re: Detect Bitlocker
[Re: NTDOC]
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
It is set up on our Vista Enterprise tablet image. It is prepartitioned and ready to encrypt.
Due to security policy, we need to verify that the tech who did the final end-user config has actually turned it on and encrypted the drive.
I keep busy with kix, last project was the SQL inventory service... kix script running as service that does hardware inventory and uploads data to SQL server.
#185527 - 2008-02-21 02:27 AM
Re: Detect Bitlocker
[Re: brewdude6]
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
I haven't yet, but I can. I'll start another thread so as not to hijack this one.
However, one of the software items I want to inventory is bitlocker state...
HINT HINT :-)
#185665 - 2008-02-25 06:23 PM
Re: Detect Bitlocker
[Re: Radimus]
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
Someone give me some love...
Help, I'm drowning... gurg
#193721 - 2009-05-06 11:12 PM
Re: Detect Bitlocker
[Re: Mart]
OldDog
Just in Town
Registered: 2009-05-06
Posts: 1
Loc: Saint Paul, MN
Hi,
Here is a vbScript that works:
    '<--- Begin Script ---------->
    dim retval, em , cs
    arrComputers = Array(".")
    For Each strComputer In arrComputers
        WScript.Echo
        WScript.Echo "=========================================="
        WScript.Echo "Computer: " & strComputer
        WScript.Echo "=========================================="
        Set objWMIService = GetObject("winmgmts:\\" & strComputer _
            & "\root\CIMV2\Security\MicrosoftVolumeEncryption")
        Set volumes = objWMIService.InstancesOf("Win32_EncryptableVolume")
        for Each volume in volumes
            If volume.DriveLetter = "C:" then
                ' em and cs are filled in by the methods as out parameters
                retval = volume.GetEncryptionMethod(em)
                retval1 = volume.GetConversionStatus(cs)
                WScript.Echo em & vbTab & cs
            End If
        Next
    Next
    '<-- End Script ----->
If you get a 0 (zero) it's not encrypted, a 1 (one) means it is. Conversion status 1 means fully encrypted, 2 means it's in process.
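Added example, not part of any post in this thread: invoking a Win32_EncryptableVolume method as if it were a property yields only the method's return code (0 means the call succeeded), while the actual state comes back in out parameters, so this VBScript reads them through SWbemObject.ExecMethod_, which avoids passing variables by reference. The CHECK_DRIVE constant, the Label helper and the pass rule (protection on and fully encrypted) are assumptions made for illustration.

```vbscript
' Added example (not from the thread): report BitLocker state per volume.
Option Explicit
Const WMI_NS = "\root\CIMV2\Security\MicrosoftVolumeEncryption"
Const CHECK_DRIVE = "C:"   ' assumption: the volume that policy requires encrypted

Dim arrProt, arrConv, objWMI, objVol, outProt, outConv, outMeth, blnOK
arrProt = Array("protection off", "protection on", "unknown")
arrConv = Array("fully decrypted", "fully encrypted", "encryption in progress", _
                "decryption in progress", "encryption paused", "decryption paused")
blnOK = False

Set objWMI = GetObject("winmgmts:\\." & WMI_NS)
For Each objVol In objWMI.InstancesOf("Win32_EncryptableVolume")
    ' ExecMethod_ returns an object holding ReturnValue and every out parameter,
    ' so nothing has to be passed by reference.
    Set outProt = objVol.ExecMethod_("GetProtectionStatus")
    Set outConv = objVol.ExecMethod_("GetConversionStatus")
    Set outMeth = objVol.ExecMethod_("GetEncryptionMethod")

    WScript.Echo "Volume " & objVol.DriveLetter & " (" & objVol.DeviceID & ")"
    If outProt.ReturnValue <> 0 Or outConv.ReturnValue <> 0 _
       Or outMeth.ReturnValue <> 0 Then
        WScript.Echo "  a status method failed; state not determined"
    Else
        WScript.Echo "  ProtectionStatus: " & Label(arrProt, outProt.ProtectionStatus)
        WScript.Echo "  ConversionStatus: " & Label(arrConv, outConv.ConversionStatus) _
            & ", " & outConv.EncryptionPercentage & "% encrypted"
        WScript.Echo "  EncryptionMethod: " & outMeth.EncryptionMethod & " (0 = none)"
        ' Compliant only when encryption has finished AND protection is on.
        If UCase(objVol.DriveLetter & "") = CHECK_DRIVE _
           And outProt.ProtectionStatus = 1 And outConv.ConversionStatus = 1 Then
            blnOK = True
        End If
    End If
Next

If blnOK Then
    WScript.Echo CHECK_DRIVE & " is encrypted and protected"
    WScript.Quit 0
End If
WScript.Echo CHECK_DRIVE & " is NOT verified as encrypted and protected"
WScript.Quit 1

' Map a numeric status to its documented name, tolerating unknown values.
Function Label(arrNames, intValue)
    If intValue >= 0 And intValue <= UBound(arrNames) Then
        Label = arrNames(intValue) & " (" & intValue & ")"
    Else
        Label = "unrecognised (" & intValue & ")"
    End If
End Function
```

Run it with cscript from an elevated prompt, since the MicrosoftVolumeEncryption namespace requires administrator rights; the exit code (0 or 1) lets an inventory job record the result.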
#193727 - 2009-05-07 09:12 AM
Re: Detect Bitlocker
[Re: Arend_]
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK