
This is awesome, really helped with bitlocker detection for me. Cheers for integrating the EDF creation.

I am running LT10 and rolling out to Windows 10.

We will be trying to use GPO to get bitlocker on the machines so that is the next thing.

One change was made to the script to get it working just right, which was to move the "line 10" Exit Script up to line 8.

Thanks for the great work


We've solved this by creating a role definition, a group and a search.

 

role definition:

{%@powershell.exe "Get-BitLockerVolume | Where ProtectionStatus -eq 'On' | Select-Object VolumeStatus"@%}

contains

Encrypted

 

Then a scheduled script (every so often) on the group which fills the EDF with the output of this powershell:

powershell.exe -NoLogo -Command "& {ForEach ($Volume in (Get-BitLockerVolume | Where {$_.ProtectionStatus -eq 'On'})) { Write-Output """$($Volume.MountPoint) - $($Volume.KeyProtector.recoverypassword)"""}}"

 

This should output all BitLocker-protected volumes (even USB sticks) with the recoverypassword (if applicable) in the EDF.


This script is exactly what I was looking for, and appears to be working flawlessly for us.

 

Thank you much!


For those of you running the original script, we found that the manage-bde | select-string "Protection On" will give you a false positive as LabTech runs the command with quotes around it, so it actually stops after Select-string. This generates an invalid command and echoes the rest with Protection On. As the next line checks for the word On, every single computer now has TPM on according to the logic.

Solved by making the text manage-bde | select-string 'Protection On' in single quotes.

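An added example (not part of the original posts or of the script under discussion): a status check that avoids the substring false positive described above and the loose output matching used by the role definition earlier in the thread. It compares the ProtectionStatus value exactly and emits fixed tokens; the token names, the pipe-separated layout and running it from a .ps1 file with powershell.exe -File are assumptions of this example.

```powershell
# Added example. Run elevated from a file, e.g.:
#   powershell.exe -NoLogo -NoProfile -File .\Get-BitLockerReport.ps1   (file name is hypothetical)
# Running from a file keeps the calling tool's quoting away from the command text,
# so nothing from the command line can be echoed back and mistaken for a result.

function Get-BitLockerReport {
    try {
        $volumes = @(Get-BitLockerVolume -ErrorAction Stop)
    }
    catch {
        # Fail closed: a missing module or access error must never read as "protected".
        return 'BITLOCKER_ERROR'
    }

    $lines = foreach ($v in $volumes) {
        # Exact comparison of the status value instead of searching text for "On".
        $state = switch ("$($v.ProtectionStatus)") {
            'On'    { 'BITLOCKER_ENABLED' }
            'Off'   { 'BITLOCKER_DISABLED' }
            default { 'BITLOCKER_UNKNOWN' }
        }

        # Report which protector types exist (Tpm, RecoveryPassword, ...);
        # the recovery password value itself is not written to the output.
        $types = (@($v.KeyProtector) |
            Where-Object { $_ } |
            ForEach-Object { "$($_.KeyProtectorType)" }) -join ','
        if (-not $types) { $types = 'none' }

        '{0}|{1}|{2}|{3}' -f $state, $v.MountPoint, $v.VolumeStatus, $types
    }

    if (-not $lines) { return 'BITLOCKER_NO_VOLUMES' }
    return $lines
}

# One line per volume, for example (constructed): BITLOCKER_ENABLED|C:|FullyEncrypted|Tpm,RecoveryPassword
Get-BitLockerReport
```

A caller should split each line on `|` and compare the first field for equality with `BITLOCKER_ENABLED`, rather than testing whether the output contains a word.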

Anyone using this in Automate 12? I've disabled 'Exit Script' on Line 10 and changed line 4 to single quotes around 'Protection On', however when I run the script it's not populating any results in the BitLocker EDFs.


I am trying this out on version 11 but I get a syntax error when viewing the script in LabTech after importing it. Any advice?

" Error loading script: Syntax error: missing operand after 'abcd387' operator"

It only displays up to line 7 of the script and does not let me edit it. 

 


I am interested in knowing if this works in Automate 12. I have a need to know what devices are BitLocker encryption capable.


Does anyone have a working copy of this script they can export for me? I am having issues opening the script once I import it, and I tried in both LT11.19 and LT12.5.

