This document will cover the process used to collect custom inventory items for Microsoft Windows BitLocker HDD Encryption.
Steps used to Collect Data
- Research methods to retrieve BitLocker Status (Decided to use CMD: "manage-bde -status c: > C:\BCM\BitlockerStatus.log"
- You can see I piped data to an output file called "BitlockerStatus.log"
- Create Op Rule with following Steps
- Create Directory (Must have a directory to write my file)
- Execute Program (Must own Deploy Module)
- Created 5 steps using "File Analysis via Regular Expression" (I parsed same file 5 times to get the data I was looking to collect)
- The last step is to Update & Upload Custom Inventory
- Assign this Rule to a device you know has BitLocker enabled and one that does not to ensure you are collecting the data properly (TEST)
I have exported this rule and have attached at the bottom of this article so you can download and IMPORT to run (Once imported it will be in Global Settings > Lost and Found. Just locate > Copy and then paste in your desired folder under Operational Rules.
Once the data is collected you can then create a query to find all devices where BitLocker is either enabled or disabled (depends on what you are trying to achieve). From there you can create a Device Group from the query or simply create a report showing the results.
This is a screen shot of a single device using a report:
I hope you find this useful,
This document was written in response to Surendar Cholkar and his post: