Page 1 of 1 1
Topic Options
#185317 - 2008-02-13 06:17 PM Detect Bitlocker
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
I have found these resources:
http://msdn2.microsoft.com/en-us/library/aa376434(VS.85).aspx
http://forensicir.blogspot.com/2007/03/detecting-bitlocker.html

And here are the 2 scripts I wrote:
VBS
 Code:
strComputer = "." 
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption") 
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume",,48) 

For Each objItem in colItems
	Wscript.Echo "DeviceID: " & objItem.DeviceID
	Wscript.Echo "DriveLetter: " & objItem.DriveLetter
	Wscript.Echo "EncryptionMethod: " & objItem.GetEncryptionMethod
	Wscript.Echo "ProtectionStatus: " & objItem.GetProtectionStatus
	Wscript.Echo "ConversionStatus: " & objItem.GetConversionStatus
Next


kix
 Code:
$strComputer ='.'


$objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\CIMV2\Security\MicrosoftVolumeEncryption") 
If not @error
	$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume") 
? ubound($colItems)
	For Each $objItem in $colItems
		? "-----------------------------------"
		? "Bitlocker Encryptable Volumes"
		? "-----------------------------------"
		? "DeviceID: " + $objItem.DeviceID
		? "DriveLetter: " + $objItem.DriveLetter
		? "EncryptionMethod: " + $objItem.GetEncryptionMethod
		? "ProtectionStatus: " + $objItem.GetProtectionStatus
		? "ConversionStatus: " + $objItem.GetConversionStatus
	Next
else
	? 'error: '+@serror
endif


it connects, reports the deviceID and Driveletter, but the last 3 values always report 0

I've tested it on encrypted drives and unencrypted drives, all return the same results


Help :-)
_________________________
How to ask questions the smart way <-----------> Before you ask

Top
#185327 - 2008-02-13 09:50 PM Re: Detect Bitlocker [Re: Radimus]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Hi Rad - Glad to see you're still plugging away.

Do you have a system with Bitlocker?

 Quote:
BitLocker Drive Encryption

Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers and in Windows Server 2008. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned.

BitLocker Drive Encryption

Top
#185336 - 2008-02-14 02:37 AM Re: Detect Bitlocker [Re: NTDOC]
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
It is setup on our Vista Enterprise tablet image. It is prepartitioned and ready to encrypt.

Due to security policy, we need to verify that the tech that did the final enduser config has actually turned it on and encrypted the drive.


I keep busy with kix, last project was the SQL inventory service... kix script running as service that does hardware inventory and uploads data to SQL server.
_________________________
How to ask questions the smart way <-----------> Before you ask

Top
#185508 - 2008-02-20 03:32 PM Re: Detect Bitlocker [Re: Radimus]
brewdude6 Offline
Hey THIS is FUN

Registered: 2000-10-21
Posts: 280
Loc: Nashville, TN
Is you inventory scripts posted?
_________________________
I could have made a neat retort but didn't, for I was flurried and didn't think of it till I was downstairs.
-Mark Twain

Top
#185527 - 2008-02-21 02:27 AM Re: Detect Bitlocker [Re: brewdude6]
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
I haven't yet, but I can. I'll start another thread as to not hijack this one.

However, one of the software items I want to inventory is bitlocker state...

HINT HINT :-)
_________________________
How to ask questions the smart way <-----------> Before you ask

Top
#185665 - 2008-02-25 06:23 PM Re: Detect Bitlocker [Re: Radimus]
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
Someone give me some love...

Help, I'm drowning... gurg
_________________________
How to ask questions the smart way <-----------> Before you ask

Top
#185668 - 2008-02-25 07:48 PM Re: Detect Bitlocker [Re: Radimus]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
LOL - Would love to guy but I don't have a version of Vista that has it so can't even test it out for you.
Top
#185708 - 2008-02-26 02:15 PM Re: Detect Bitlocker [Re: Radimus]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
 Originally Posted By: Radimus
Someone give me some love...

Help, I'm drowning... gurg


I would hand it over if I had some but I got nothing for bitlocker \:\(
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#193721 - 2009-05-06 11:12 PM Re: Detect Bitlocker [Re: Mart]
OldDog Offline
Just in Town

Registered: 2009-05-06
Posts: 1
Loc: Saint Paul, MN
Hi,

Here is a vbScript that works;

'<--- Begin Script ---------->
dim retval, em , cs
arrComputers = Array(".")
For Each strComputer In arrComputers
WScript.Echo
WScript.Echo "=========================================="
WScript.Echo "Computer: " & strComputer
WScript.Echo "=========================================="

Set objWMIService = GetObject("winmgmts:\\" & strComputer _
& "\root\CIMV2\Security\MicrosoftVolumeEncryption")
Set volumes = objWMIService.InstancesOf("Win32_EncryptableVolume")

for Each volume in volumes
If volume.DriveLetter = "C:" then
retval = volume.GetEncryptionMethod(em)
retval1 = volume.GetConversonStatus(cs)
WScript.Echo em & vbTab & cs
End If
Next
'<-- End Script ----->


If you get a 0 (zero) it's not encrypted, a 1 (one) means it is.
Conversion status 1 means fully encrypted, 2 means it's in process

Top
#193726 - 2009-05-07 09:07 AM Re: Detect Bitlocker [Re: OldDog]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
Rad, I'm sorry but you are out of luck, GetEncryptionMethod and GetConversionStatus use OUT Parameters. Something KiX still doesn't support (and God know I've asked for it many times).
Top
#193727 - 2009-05-07 09:12 AM Re: Detect Bitlocker [Re: Arend_]
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Can you use the ExecMethod_ trick on this as with GetOwner in this post: http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Board=8&Number=90357
Top
Page 1 of 1 1


Moderator:  Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
2 registered (morganw, mole) and 414 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.068 seconds in which 0.027 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org