Scripting BitLocker

For those of you who read this (that would be me and my sainted mother) I have been a bit remiss in updating this blog. I have been between opportunities, as they say. As luck would have it, I found a contract that requires me to script a BitLocker implementation. The first issue I had to deal with was determining if BitLocker was already installed. That proved to be no easy task for me. With some help and luck I came up with this:

Dim retval, em
arrComputers = Array(".")
For Each strComputer In arrComputers
   WScript.Echo
   WScript.Echo "=========================================="
   WScript.Echo "Computer: " & strComputer
   WScript.Echo "=========================================="

   ' Connect to the BitLocker WMI namespace on the target computer
   Set objWMIService = GetObject("winmgmts:\\" & strComputer _
       & "\root\CIMV2\Security\MicrosoftVolumeEncryption")

   Set volumes = objWMIService.InstancesOf("Win32_EncryptableVolume")

   For Each volume In volumes
      If volume.DriveLetter = "C:" Then
         ' em receives the [out] EncryptionMethod value; retval is the method's return code
         retval = volume.GetEncryptionMethod(em)
         WScript.Echo em
      End If
   Next
Next
 
If it returns 1 (one) BitLocker is enabled and running. 0 (zero) means it is not.
 
And here it is in PowerShell:
 
$strComputer = "."
# Query the BitLocker WMI namespace for the C: volume
$colItems = Get-WmiObject -Class Win32_EncryptableVolume -Namespace "root\CIMV2\Security\MicrosoftVolumeEncryption" `
    -ComputerName $strComputer -Filter "DriveLetter='C:'"
$b = $colItems.GetEncryptionMethod()
Write-Host "EncryptionMethod: " $b.EncryptionMethod
 
You can also check on the status of your conversion by adding a line:
 
retval1 = volume.GetConversionStatus(cs, ep) to the VBScript.
 
Like this:
 
Dim retval, retval1, em, cs, ep
arrComputers = Array(".")
For Each strComputer In arrComputers
   WScript.Echo
   WScript.Echo "=========================================="
   WScript.Echo "Computer: " & strComputer
   WScript.Echo "=========================================="

   ' Connect to the BitLocker WMI namespace on the target computer
   Set objWMIService = GetObject("winmgmts:\\" & strComputer _
       & "\root\CIMV2\Security\MicrosoftVolumeEncryption")
   Set volumes = objWMIService.InstancesOf("Win32_EncryptableVolume")

   For Each volume In volumes
      If volume.DriveLetter = "C:" Then
         retval = volume.GetEncryptionMethod(em)
         ' cs and ep receive the [out] ConversionStatus and EncryptionPercentage values
         retval1 = volume.GetConversionStatus(cs, ep) ' <-- added line
         WScript.Echo "Conversion Status: " & cs & vbTab & "% Complete: " & ep
      End If
   Next
Next
And in PowerShell:
 
$strComputer = "."
# Query the BitLocker WMI namespace for the C: volume
$colItems = Get-WmiObject -Class Win32_EncryptableVolume -Namespace "root\CIMV2\Security\MicrosoftVolumeEncryption" `
    -ComputerName $strComputer -Filter "DriveLetter='C:'"
$c = $colItems.GetConversionStatus()
$ep = $c.EncryptionPercentage
$ep
if ($c.ConversionStatus -eq 0)
   {"Conversion Status: FULLY DECRYPTED"}
   elseif ($c.ConversionStatus -eq 1)
      {"Conversion Status: FULLY ENCRYPTED"}
   elseif ($c.ConversionStatus -eq 2)
      {"Conversion Status: ENCRYPTION IN PROGRESS"}
   elseif ($c.ConversionStatus -eq 3)
      {"Conversion Status: DECRYPTION IN PROGRESS"}
   elseif ($c.ConversionStatus -eq 4)
      {"Conversion Status: ENCRYPTION PAUSED"}
   elseif ($c.ConversionStatus -eq 5)
      {"Conversion Status: DECRYPTION PAUSED"}
   else
      # Interpolate the number into the string; number + string would fail to convert
      {"$($c.ConversionStatus) Conversion Status: unknown"}
 
And here are some words from Microsoft on the subject:
 

Although the documentation was in C language notation, it is similar in call in VBScript. According to the documentation, it is:

 uint32 GetEncryptionMethod([out] uint32 EncryptionMethod); 

For more information, see:

GetEncryptionMethod Method of the Win32_EncryptableVolume Class

http://msdn.microsoft.com/en-us/library/aa376434(VS.85).aspx

You will need to also modify the calls for the GetProtectionStatus and GetConversionStatus calls, otherwise, this too will only output their respective Return Value. Below is the syntax for the 2 other methods that you are calling.

uint32 GetProtectionStatus([out] uint32 ProtectionStatus);
uint32 GetConversionStatus([out] uint32 ConversionStatus, [out] uint32 EncryptionPercentage); 

In VBScript, they would look like:

returnValue1 = GetProtectionStatus(ps)

WScript.Echo "ProtectionStatus: " & ps

returnValue2 = GetConversionStatus(cs, ep)

WScript.Echo "ConversionStatus: " & cs

WScript.Echo "EncryptionPercentage: " & ep 

For more information, see: 

GetProtectionStatus Method of the Win32_EncryptableVolume Class

http://msdn.microsoft.com/en-us/library/aa376448(VS.85).aspx 

GetConversionStatus Method of the Win32_EncryptableVolume Class

http://msdn.microsoft.com/en-us/library/aa376433(VS.85).aspx
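
Pulling the three methods above into one check, as an added example (not code from the original post or from Microsoft): it verifies each call's ReturnValue, handles a missing namespace or volume, and reports the volume as compliant only when conversion is complete and protection is on. The function name Get-BitLockerVolumeState and the Compliant property are assumptions of this example.

```powershell
# Added example; requires PowerShell 3.0 or later for [ordered] and [pscustomobject].
function Get-BitLockerVolumeState {
    param([string]$ComputerName = '.', [string]$DriveLetter = 'C:')

    $result = [ordered]@{
        Computer = $ComputerName; Drive = $DriveLetter; Compliant = $false
        Method = $null; Conversion = $null; Percent = $null; Protection = $null; Detail = ''
    }
    try {
        # Fails if the namespace is absent (BitLocker not available) or access is denied.
        $vol = Get-WmiObject -Class Win32_EncryptableVolume `
            -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
            -ComputerName $ComputerName -Filter "DriveLetter='$DriveLetter'" -ErrorAction Stop
    } catch {
        $result.Detail = "Query failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }
    if (-not $vol) {
        $result.Detail = 'No encryptable volume with that drive letter'
        return [pscustomobject]$result
    }

    $em = $vol.GetEncryptionMethod()
    $cs = $vol.GetConversionStatus()
    $ps = $vol.GetProtectionStatus()
    # ReturnValue is the method's own status code (0 = success); the [out] values are separate properties.
    foreach ($r in $em, $cs, $ps) {
        if ($r.ReturnValue -ne 0) {
            $result.Detail = 'Method call failed, ReturnValue 0x{0:X8}' -f $r.ReturnValue
            return [pscustomobject]$result
        }
    }

    # Conversion names as listed in the post; protection names per Microsoft's GetProtectionStatus documentation.
    $conversionNames = 'FULLY DECRYPTED', 'FULLY ENCRYPTED', 'ENCRYPTION IN PROGRESS',
                       'DECRYPTION IN PROGRESS', 'ENCRYPTION PAUSED', 'DECRYPTION PAUSED'
    $protectionNames = 'OFF', 'ON', 'UNKNOWN'
    $result.Method     = $em.EncryptionMethod
    $result.Conversion = $conversionNames[$cs.ConversionStatus]   # stays $null for an unlisted value
    $result.Percent    = $cs.EncryptionPercentage
    $result.Protection = $protectionNames[$ps.ProtectionStatus]
    # Encrypted alone is not enough: protection must also be on.
    $result.Compliant  = ($cs.ConversionStatus -eq 1) -and ($ps.ProtectionStatus -eq 1)
    [pscustomobject]$result
}

Get-BitLockerVolumeState | Format-List
```

Run it from an elevated session; a standard user's query ends up in the "Query failed" branch.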

 
