PS Bitlocker status

  • Last Post 03 December 2018
jeremy.stump posted this 03 December 2018

I want to run a ps script against all clients (not servers) in AD that are Laptops, then export the below highlighted Info to Excel with a column for client name and its status for BitLocker Encryption. Either do WMI to look for Laptop hardware or I can look at a txt file for computers.

    Volume C: [OSDisk]
    [OS Volume]

        Size:                 296.93 GB
        BitLocker Version:    Windows 7
        Conversion Status:    Fully Encrypted
        Percentage Encrypted: 100%
        Encryption Method:    AES 128 with Diffuser
        Protection Status:    Protection On
        Lock Status:          Unlocked
        Identification Field: None
        Key Protectors:
            Numerical Password
            TPM And PIN

 

  Jeremy Stump | Analyst | Tech Services | BMHCC Corporate
Phone: (901) 227-8205 | Jeremy.Stump@xxxxxxxxxxxxxxxx

barkills posted this 03 December 2018

What’s the question?

 


jeremy.stump posted this 03 December 2018

I need a ps script to do it please.

 




hcoleman posted this 03 December 2018

https://gallery.technet.microsoft.com/scriptcenter/How-to-get-BitLocker-193ef058

 

 


jeremy.stump posted this 03 December 2018

Yeah I tried that, I only need laptops to be reported on since they leave network and need the additional security.



 

 


barkills posted this 03 December 2018

https://blogs.technet.microsoft.com/heyscriptingguy/2010/05/15/hey-scripting-guy-weekend-scripter-how-can-i-use-wmi-to-detect-laptops/

 

Note: get-wmiobject as used in the above blog post is superseded by get-ciminstance, but that’s a fairly easy substitution.

 

The exercise for you is to take the scripts you’ve been given here & put them together for your solution.

😊

 

Brian

 


kurtbuff posted this 03 December 2018

So put all of your laptops in a security group, and use foreach.

Kurt


jeremy.stump posted this 03 December 2018

Let’s say I am walking into a company blind and they don’t have a comprehensive laptop list. I would need a script that did a WMI query, then BitLocker status, then export the details to Excel.





webster posted this 03 December 2018

You are assuming WMI or CIM will return valid information regarding laptop or not a laptop.


Webster


kurtbuff posted this 03 December 2018

You might find more resources on the ntpowershell list. It's pretty low volume.

You can subscribe to it via email: ntpowershell+subscribe@xxxxxxxxxxxxxxxx

Or you can visit the web interface:
https://groups.google.com/group/ntpowershell

But, as part of your query, it will probably be useful to check on the
status of the battery. If there isn't one, it's not a laptop.

Google is your friend here...

Kurt


michael1 posted this 03 December 2018

Microsoft trusts it themselves. (From ZTIGather.wsf, part of MDT)

 

    Set objResults = objWMI.InstancesOf("Win32_SystemEnclosure")
    bIsLaptop = false
    bIsDesktop = false
    bIsServer = false
    For each objInstance in objResults

        If objInstance.ChassisTypes(0) = 12 or objInstance.ChassisTypes(0) = 21 then
            ' Ignore docking stations
        Else

            If not IsNull(objInstance.SMBIOSAssetTag) then
                sAssetTag = Trim(objInstance.SMBIOSAssetTag)
            End if
            Select Case objInstance.ChassisTypes(0)
            Case "8", "9", "10", "11", "12", "14", "18", "21", "30", "31", "32"
                bIsLaptop = true
            Case "3", "4", "5", "6", "7", "15", "16", "35", "36"
                bIsDesktop = true
            Case "23", "28"
                bIsServer = true
            Case Else
                ' Do nothing
            End Select

        End if

    Next

 

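One way to combine the pieces discussed in this thread (non-server clients from AD, chassis type plus battery check, BitLocker status of C:), as an added example that is not any poster's code. It assumes the RSAT ActiveDirectory module, WinRM reachable on the clients, and local admin rights on them; the output file name and variable names are illustrative.

```powershell
# Added example, not from the thread. Assumes the RSAT ActiveDirectory module, WinRM on
# the clients, and local admin rights there (needed for the BitLocker WMI namespace).
Import-Module ActiveDirectory

# Portable chassis codes from the ZTIGather.wsf excerpt; 12 and 21 (docks) are left out
$laptopChassis = 8, 9, 10, 11, 14, 18, 30, 31, 32
$blNamespace   = 'root\cimv2\Security\MicrosoftVolumeEncryption'
$protection    = @{ 0 = 'Protection Off'; 1 = 'Protection On'; 2 = 'Unknown' }
$conversion    = @{ 0 = 'Fully Decrypted'; 1 = 'Fully Encrypted'; 2 = 'Encryption In Progress'
                    3 = 'Decryption In Progress'; 4 = 'Encryption Paused'; 5 = 'Decryption Paused' }
$clients = (Get-ADComputer -Filter 'OperatingSystem -notlike "*Server*"').Name

$report = foreach ($name in $clients) {
    $session = $null
    $row = [ordered]@{ Computer = $name; Reachable = $false; ChassisTypes = $null
                       HasBattery = $null; IsLaptop = $null; ProtectionStatus = $null
                       ConversionStatus = $null; PercentEncrypted = $null; Error = $null }
    try {
        $session = New-CimSession -ComputerName $name -ErrorAction Stop
        $row.Reachable = $true
        $chassis = (Get-CimInstance -CimSession $session -ClassName Win32_SystemEnclosure).ChassisTypes
        $row.ChassisTypes = $chassis -join ','
        $row.HasBattery   = [bool](Get-CimInstance -CimSession $session -ClassName Win32_Battery)
        # Either signal marks a laptop; both raw values stay in the report for review
        $row.IsLaptop = $row.HasBattery -or [bool]($chassis | Where-Object { $_ -in $laptopChassis })

        if ($row.IsLaptop) {
            $vol = Get-CimInstance -CimSession $session -Namespace $blNamespace `
                -ClassName Win32_EncryptableVolume -Filter "DriveLetter = 'C:'" -ErrorAction Stop
            if ($vol) {
                $conv = Invoke-CimMethod -CimSession $session -InputObject $vol -MethodName GetConversionStatus
                # WMI returns UInt32; cast to int so the hashtable key lookup matches
                $row.ProtectionStatus = $protection[[int]$vol.ProtectionStatus]
                $row.ConversionStatus = $conversion[[int]$conv.ConversionStatus]
                $row.PercentEncrypted = $conv.EncryptionPercentage
            } else { $row.Error = 'No BitLocker volume object for C:' }
        }
    }
    catch   { $row.Error = $_.Exception.Message }
    finally { if ($session) { Remove-CimSession -CimSession $session } }
    [pscustomobject]$row
}

# Laptops plus hosts that could not be classified, so offline machines are not silently dropped
$report | Where-Object { $_.IsLaptop -or -not $_.Reachable } |
    Export-Csv -Path .\BitLockerLaptops.csv -NoTypeInformation
```

The CSV opens directly in Excel; rows with Reachable set to False are machines that still need a check once they are back on the network.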

michael1 posted this 03 December 2018

Generally speaking, if you want a script written for you, I think Experts Exchange is the best choice.


robertsingers posted this 03 December 2018

Going back to a distant memory, you can target a specific Laptop GPO using this as a WMI filter but it's generally smoother to have a laptop group that you keep populated via a scheduled script (and build script).

barkills posted this 03 December 2018

I'm going to say a couple semi-obvious things that I think need to be said, but which we may be too polite to say:

1. This topic isn't related to Active Directory, so is generally out of bounds. The only way this topic is in-bounds is via the alternative group policy approaches that a few are suggesting, but which the OP didn't ask for.
2. The OP wants us to do his job for him. I think a better outcome would be that they learn how to do this themselves.

I think we've generously provided some good resources that the OP could use to solve their own problem and now we should let this topic die.

Brian
