Jump to content
[[Template core/front/profile/profileHeader is throwing an error. This theme may be out of date. Run the support tool in the AdminCP to restore the default theme.]]

BrendenCleppe last won the day on July 23

BrendenCleppe had the most liked content!

Community Reputation

6 Neutral

My Information

  • Agent Count
    4000 - 6000 Agents

Converted

  1. @TehArchitect You can certainly do that. It will encrypt the data within the database itself. so if you are doing any queries it will be encrypted. It might be an option if you have any external connection directly to the database. When you encrypt the entry, any view's from automate should be okay. At least that is what i remember from the articles on ExtraDatafields.
  2. @amw3000 We run and grab ALL the keys every 2 days and replaces the EDF for the device so we always have the latest information regardless if the key changes.
  3. Just to help the community. I have our system run a bitlocker get status script on all devices. I have made several EDF's for the device to store information: All of these are LOCKED so none of the techs can alter or adjust them. TPM Enabled. This runs the Powershell command: get-tpm | select -Expandproperty Autoprovisioning There is an IF statement where if the TPM is enabled it Marks the TPM EDF as enabled. This tells me if the device is able to be encrypted (we try to always have TPM) Checks if Bitlocker ProtectionStatus is on. Runs the Powershell command: Get-BitLockerVolume -MountPoint "C:" | Select -ExpandProperty ProtectionStatus There is an IF statement where if the Protectionstatus is ON it will check the 'BitlockerEnabled' box. The script will always run the 2 Powershell commands below regardless if bitlocker is enabled.. Bitlocker Recovery Key: Powershell command: manage-bde -protectors -get 😄 Get Bitlocker Status of C:. Powershell command: manage-bde -status 😄 The 'Date checked for Encryption' is a self diagnosing piece to tell me when the script was last ran. Example Contents of each EDF: Bitlocker Recovery Key: BitLocker Drive Encryption: Configuration Tool version 10.0.17134 Copyright (C) 2013 Microsoft Corporation. All rights reserved. Volume 😄 [] All Key Protectors TPM: ID: {E123456-E123-F123-F123-D123456789012} PCR Validation Profile: 0, 2, 4, 11 Numerical Password: ID: {1DDB4148-A123-B123-C123-B12345678901} Password: 123456-123456-123456-123456-123456-123456-123456-123456 Bitlocker Status of 😄 BitLocker Drive Encryption: Configuration Tool version 10.0.17134 Copyright (C) 2013 Microsoft Corporation. All rights reserved. Volume 😄 [] [OS Volume] Size: 475.49 GB BitLocker Version: 2.0 Conversion Status: Used Space Only Encrypted Percentage Encrypted: 100.0% Encryption Method: XTS-AES 128 Protection Status: Protection On Lock Status: Unlocked Identification Field: Unknown Key Protectors: TPM Numerical Password Attached is the SQL for importing the EDF files as well as the script used. Help this helps! Get Bitlocker Status of Device.xml Bitlocker-ComputerEDF.sql
×
×
  • Create New...