PS Bitlocker status

jeremy.stump posted this 2 weeks ago

I want to run a ps script against all clients (not servers) in AD that are Laptops, then export the below highlighted Info to excel with a column for client name and its status for Bitlocker Encryption. Either do WMI to look for Laptop hardware or I can look at a txt file for computers.

    Volume C: [OSDisk]
    [OS Volume]

        Size:                 296.93 GB
        BitLocker Version:    Windows 7
        Conversion Status:    Fully Encrypted
        Percentage Encrypted: 100%
        Encryption Method:    AES 128 with Diffuser
        Protection Status:    Protection On
        Lock Status:          Unlocked
        Identification Field: None
        Key Protectors:
            Numerical Password
            TPM And PIN


  Jeremy Stump | Analyst | Tech Services | BMHCC Corporate
Phone: (901) 227-8205 | Jeremy.Stump@xxxxxxxxxxxxxxxx
barkills posted this 2 weeks ago

What’s the question?

 


jeremy.stump posted this 2 weeks ago

I need a ps script to do it please.

 



Jeremy Stump


(901) 227-8205



hcoleman posted this 2 weeks ago

https://gallery.technet.microsoft.com/scriptcenter/How-to-get-BitLocker-193ef058

 

 


jeremy.stump posted this 2 weeks ago

Yeah I tried that, I only need laptops to be reported on since they leave network and need the additional security.



 

 


barkills posted this 2 weeks ago

https://blogs.technet.microsoft.com/heyscriptingguy/2010/05/15/hey-scripting-guy-weekend-scripter-how-can-i-use-wmi-to-detect-laptops/

 

Note: get-wmiobject as used in the above blog post is superseded by get-ciminstance, but that’s a fairly easy substitution.

 

The exercise for you is to take the scripts you’ve been given here & put them together for your solution.

😊

 

Brian

 


kurtbuff posted this 2 weeks ago

So put all of your laptops in a security group, and use foreach.

Kurt


jeremy.stump posted this 2 weeks ago

Let's say I am walking into a company blind and they don’t have a comprehensive laptop list. I would need a script that did a WMI query, then Bitlocker status, then export the details to excel.




Jeremy Stump
(901) 227-8205


webster posted this 2 weeks ago

You are assuming WMI or CIM will return valid information regarding laptop or not a laptop.


Webster


kurtbuff posted this 2 weeks ago

You might find more resources on the ntpowershell list. It's pretty low volume.

You can subscribe to it via email: ntpowershell+subscribe@xxxxxxxxxxxxxxxx

Or you can visit the web interface:
https://groups.google.com/group/ntpowershell

But, as part of your query, it will probably be useful to check on the
status of the battery. If there isn't one, it's not a laptop.

Google is your friend here...

Kurt


michael1 posted this 2 weeks ago

Microsoft trusts it themselves. (From ZTIGather.wsf, part of MDT)

 

    Set objResults = objWMI.InstancesOf("Win32_SystemEnclosure")
    bIsLaptop = false
    bIsDesktop = false
    bIsServer = false
    For each objInstance in objResults

        If objInstance.ChassisTypes(0) = 12 or objInstance.ChassisTypes(0) = 21 then
            ' Ignore docking stations
        Else

            If not IsNull(objInstance.SMBIOSAssetTag) then
                sAssetTag = Trim(objInstance.SMBIOSAssetTag)
            End if
            Select Case objInstance.ChassisTypes(0)
            Case "8", "9", "10", "11", "12", "14", "18", "21", "30", "31", "32"
                bIsLaptop = true
            Case "3", "4", "5", "6", "7", "15", "16", "35", "36"
                bIsDesktop = true
            Case "23", "28"
                bIsServer = true
            Case Else
                ' Do nothing
            End Select

        End if

    Next

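One way to combine the pieces suggested in the thread up to this point (non-server AD computers, the chassis-type values from the excerpt above, the battery check, and Get-CimInstance in place of Get-WmiObject) into a single BitLocker report; this is an added example, not code from any poster or from MDT. It assumes the RSAT ActiveDirectory module, WinRM enabled on the clients, admin rights on them, that C: is the OS volume, and a hypothetical output file name.

```powershell
# Added example, not from the thread. Assumes RSAT's ActiveDirectory module, WinRM
# enabled on clients, admin rights on them, and that C: is the OS volume.
Import-Module ActiveDirectory

$laptopTypes = 8, 9, 10, 11, 14, 18, 30, 31, 32   # laptop values in the ZTIGather excerpt
$dockTypes   = 12, 21                             # docking stations, ignored there
$protection  = @{ 0 = 'Protection Off'; 1 = 'Protection On'; 2 = 'Unknown' }
$conversion  = @{ 0 = 'Fully Decrypted'; 1 = 'Fully Encrypted'; 2 = 'Encryption In Progress'
                  3 = 'Decryption In Progress'; 4 = 'Encryption Paused'; 5 = 'Decryption Paused' }
$bdeNs = 'root/cimv2/Security/MicrosoftVolumeEncryption'

# Clients only: skip any computer account whose OS name contains "Server".
$clients = Get-ADComputer -Filter "OperatingSystem -notlike '*Server*'" -Properties OperatingSystem

$report = foreach ($c in $clients) {
    $row = [ordered]@{ ComputerName = $c.Name; IsLaptop = 'Unknown'; HasBattery = 'Unknown'
                       ProtectionStatus = 'Unknown'; ConversionStatus = 'Unknown'
                       PercentageEncrypted = $null; Error = $null }
    $cim = $null
    try {
        $cim = New-CimSession -ComputerName $c.Name -ErrorAction Stop
        # Check every ChassisTypes entry (the excerpt reads only index 0), minus docks.
        $types = @(Get-CimInstance -CimSession $cim -ClassName Win32_SystemEnclosure -ErrorAction Stop |
                   ForEach-Object { $_.ChassisTypes } | Where-Object { $_ -notin $dockTypes })
        $row.IsLaptop   = [bool]($types | Where-Object { $_ -in $laptopTypes })
        $row.HasBattery = [bool](Get-CimInstance -CimSession $cim -ClassName Win32_Battery)
        # Drop a machine only when both signals agree it is not a laptop.
        if (-not $row.IsLaptop -and -not $row.HasBattery) { continue }

        $vol = Get-CimInstance -CimSession $cim -Namespace $bdeNs -ClassName Win32_EncryptableVolume `
                   -Filter "DriveLetter = 'C:'" -ErrorAction Stop
        if ($vol) {
            $cs = Invoke-CimMethod -CimSession $cim -InputObject $vol -MethodName GetConversionStatus
            $row.ProtectionStatus    = $protection[[int]$vol.ProtectionStatus]
            $row.ConversionStatus    = $conversion[[int]$cs.ConversionStatus]
            $row.PercentageEncrypted = $cs.EncryptionPercentage
        } else {
            $row.ProtectionStatus = 'No BitLocker volume for C:'
        }
    } catch {
        # Off-network or unreadable machines stay in the report as Unknown rather than vanishing.
        $row.Error = $_.Exception.Message
    } finally {
        if ($cim) { Remove-CimSession $cim }
    }
    [pscustomobject]$row
}

$report | Export-Csv -Path .\BitLockerLaptops.csv -NoTypeInformation   # CSV opens in Excel
```

Rows where IsLaptop and HasBattery disagree, or where Error is set, are the ones to check by hand, since the chassis data is only as good as what the vendor wrote into SMBIOS.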

michael1 posted this 2 weeks ago

Generally speaking, if you want a script written for you, I think Experts Exchange is the best choice.


robertsingers posted this 2 weeks ago

Going back to a distant memory, you can target a specific Laptop GPO using this as a WMI filter but it's generally smoother to have a laptop group that you keep populated via a scheduled script (and build script).

On Tue, 4 Dec 2018 at 09:26, Michael B. Smith <michael@xxxxxxxxxxxxxxxx> wrote:

Microsoft trusts it themselves. (From ZTIGather.wsf, part of MDT)


barkills posted this 2 weeks ago

I'm going to say a couple semi-obvious things that I think need to be said, but which we may be too polite to say:

1. This topic isn't related to Active Directory, so is generally out of bounds. The only way this topic is in-bounds is via the alternative group policy approaches that a few are suggesting, but which the OP didn't ask for.
2. The OP wants us to do his job for him. I think a better outcome would be that they learn how to do this themselves.

I think we've generously provided some good resources that the OP could use to solve their own problem and now we should let this topic die.

Brian
