BitLocker Info - New Op Rule Requested

score 65
Product Team Review

Since more and more customers have dropped Windows 7, moved to Windows 10, and are using UEFI, they have also adopted BitLocker as their default encryption tool. I would suggest creating a NEW OOTB Op Rule under Security Inventory to display BitLocker Status.

I have created an Op Rule to collect the information and post it in Custom Inventory, but it should be listed under Security Inventory and be available to all Client Management customers by default.

Here is my attempt to collect this data:

Results:

Here is the file that was generated by this CMD: manage-bde -status c: > C:\BCM\BitlockerStatus.log

BitlockerStatus.log

BitLocker Drive Encryption: Configuration Tool version 10.0.17134
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume C: []
[OS Volume]

    Size:                 930.19 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:       None Found

Due to the header info, I have added steps to remove all the header info rows and also added a step to replace CRLF with "," so the result looks like this:

BitLockerStatus2.log
    Size:                 930.19 GB,    BitLocker Version:    None,    Conversion Status:    Fully Decrypted,    Percentage Encrypted: 0.0%,    Encryption Method:    None,    Protection Status:    Protection Off,    Lock Status:          Unlocked,    Identification Field: None,    Key Protectors:       None Found,

By having a single row, I am able to create a single Regular Expression Inventory object with multiple columns.

I have attached the actual Op Rule if anyone would like to use it, but make sure you test it and understand that if you use another product to encrypt, the results will look like my entry above...

This Op Rule should run on a regular schedule to capture the status at any given time: Run on Start Up, On Session Startup, or Repeatedly on Schedule...

There is a WMI object to collect information, but it is not as detailed as the information that is available from the manage-bde command.

https://www.windows-noob.com/forums/topic/4095-how-can-i-determine-if-the-drive-is-encrypted-protected-or-not-during-a-b…

Please vote this up as I see this as a useful tool to ensure compliance when run with the Custom Compliance Module and Alerts or Non Compliance Group to force Encryption.
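
The flatten-then-regex step described in the post, written out as an added Python example (not part of the original post or the attached Op Rule): it reproduces the single-row file, parses either form into the same columns, and reports why a volume would fail a compliance check. The function names and the policy (protection on, 100% encrypted) are assumptions, the sample is the log quoted in the post, and field names assume English-locale manage-bde output.

```python
import re

# Constructed sample: the manage-bde -status output quoted in the post.
RAW_LOG = """\
BitLocker Drive Encryption: Configuration Tool version 10.0.17134
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume C: []
[OS Volume]

    Size:                 930.19 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:       None Found
"""

# Field names as they appear in that output (English locale assumed).
FIELDS = ("Size", "BitLocker Version", "Conversion Status",
          "Percentage Encrypted", "Encryption Method", "Protection Status",
          "Lock Status", "Identification Field", "Key Protectors")
FIELD_RE = re.compile(r"^\s*(%s):\s*(.*?)\s*$" % "|".join(FIELDS))

def flatten(raw):
    """Reproduce the post's second file: drop header rows, join rows with ','."""
    rows = [line for line in raw.splitlines() if FIELD_RE.match(line)]
    return "".join(row + "," for row in rows)

def parse_status(text):
    """Return {field: value} from either the raw log or the flattened row."""
    record = {}
    for chunk in re.split(r"[\r\n,]+", text):
        match = FIELD_RE.match(chunk)
        if match:
            record[match.group(1)] = match.group(2)
    return record

def findings(record):
    """Assumed policy: all fields present, protection on, 100% encrypted."""
    issues = ["missing field: " + f for f in FIELDS if f not in record]
    if record.get("Protection Status") != "Protection On":
        issues.append("protection is not on")
    if float(record.get("Percentage Encrypted", "0%").rstrip("%")) < 100:
        issues.append("volume is not fully encrypted")
    return issues
```

A missing field is reported separately from "protection is not on", so an endpoint where the command produced no usable output is not counted the same way as one that reported BitLocker off.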
