Query Bitlocker status - Remote Machine

Started by luciotorres, October 15, 2013, 07:44:34 AM

Previous topic - Next topic

luciotorres

Hi

How can I get the Bitlocker status for a list of machines ?


I tried this WMI script, but just for a local computer.


strComputer = "."
objWMIService = GetObject("winmgmts:\\" : strComputer : "\root\CIMV2\Security\MicrosoftVolumeEncryption")

colItems = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume",,48)
ForEach objInstance In colItems
   ; Check for object.
   If !objInstance Then Continue
    If ObjectTypeGet(objInstance) == "EMPTY" Then Continue

   ; Compose the Bitlocker status and display same.
   If objInstance.ProtectionStatus == 0
      strStatus = "PROTECTION OFF"
   Endif
   If objInstance.ProtectionStatus == 1
      strStatus = "PROTECTION ON"
   EndIf

   Message("Drive: ":objInstance.DriveLetter, "Encryption status: ":strStatus)
Next

Deana

Simply specify the computername of the remote system in the strComputer variable in your script.

Code (winbatch) Select
; Load Appropriate Extender
AddExtender('wwwnt34i.dll',0,'wwwnt64i.dll')
servers = wntResources("", 2, 1, 1)
strComputer = AskItemlist("Available servers", servers, @TAB,@SORTED,@SINGLE)
Deana F.
Technical Support
Wilson WindowWare Inc.

luciotorres

when I specified the computer name in the  :

strComputer = "XXXComputer"
objWMIService = GetObject("winmgmts:\\" : strComputer : "\root\CIMV2\Security\MicrosoftVolumeEncryption")

colItems = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume",,48)
ForEach objInstance In colItems
   ; Check for object.
   If !objInstance Then Continue
    If ObjectTypeGet(objInstance) == "EMPTY" Then Continue

   ; Compose the Bitlocker status and display same.
   If objInstance.ProtectionStatus == 0
      strStatus = "PROTECTION OFF"
   Endif
   If objInstance.ProtectionStatus == 1
      strStatus = "PROTECTION ON"
   EndIf

   Message("Drive: ":objInstance.DriveLetter, "Encryption status: ":strStatus)
Next


I received an error on line 5 "colItems = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume",,48)"

1261 : OLE:exception


Deana

Try clicking on the "more error info" button on the 1261 error dialog. Note: you must have access to this system using WMI: http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/tsleft.web+WinBatch/WMI+!WMI~Security!.txt
Deana F.
Technical Support
Wilson WindowWare Inc.

luciotorres

Hi Deana

IÃ,´m a Domain Admin for the computers...

There are any way to pass User and Password in WMI just in case ?

Like this WMI script :

strUser = "xxxx"
strPassword = "xxxx"
Locator = ObjectOpen("WbemScripting.SWbemLocator")
Service = Locator.ConnectServer(servidor,"root/cimv2",strUser,strPassword)
Security = Service.Security_
Security.ImpersonationLevel = 3
Privs = Security.Privileges
Privs.AddAsString("SeSecurityPrivilege");<<<<< Sets security privilege
LogSet = Service.InstancesOf("Win32_Product")

;-------------------------------------------------------------
; Query principal

LogSet = Service.ExecQuery("Select * From Win32_Product")

This script works fine.




Deana

I think you must use the connect server method in order to specify user id and password:
http://msdn.microsoft.com/en-us/library/aa393720(v=vs.85).aspx


Reference: Executing Privileged Operations: http://msdn.microsoft.com/en-us/library/aa390428(v=vs.85).aspx

Code (winbatch) Select
objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" : strComputer : "\root\CIMV2\Security\MicrosoftVolumeEncryption")

Deana F.
Technical Support
Wilson WindowWare Inc.

luciotorres

Still access denied...  IÃ,´m looking for another way...

Thanks Deana.

Deana

The ConnectServer method is the only method I am aware of. Anyone else?

Any reason why you cannot use the ConnectServer method?
Deana F.
Technical Support
Wilson WindowWare Inc.

td

According to the class documentation, MicrosoftVolumeEncryption requires that  "Connection encryption must be able to connect to the provider." That would suggest that you need to add something like "authenticationLevel=pktPrivacy" someplace. 
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

td

Untried but as a follow-up
Code (winbatch) Select

objLocator.Security_.AuthenticationLevel = 6 ;WbemAuthenticationLevelPktPrivacy = 6
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

luciotorres

How can I use this code to test ? (sorry.. IÃ,´m a new Winbatch user...)




Deana

Quote from: luciotorres on October 16, 2013, 04:42:13 AM
How can I use this code to test ? (sorry.. IÃ,´m a new Winbatch user...)

Undebugged sample:

Code (winbatch) Select
strComputer = "CMP111"
strUser = ""
strPswd = ""
objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
objWMIService = objSWbemLocator.ConnectServer(strComputer, "\root\cimv2\security\microsoftvolumeencryption", strUser, strPswd )
objSecurity = objWMIService.Security_
objSecurity.ImpersonationLevel = 3
objSecurity.AuthenticationLevel = 6 ;WbemAuthenticationLevelPktPrivacy = 6
colItems = objWMIService.ExecQuery ("Select * from Win32_EncryptableVolume")
ForEach objInstance In colItems
   ; Check for object.
   If !objInstance Then Continue
    If ObjectTypeGet(objInstance) == "EMPTY" Then Continue

   ; Compose the Bitlocker status and display same.
   If objInstance.ProtectionStatus == 0
      strStatus = "PROTECTION OFF"
   Endif
   If objInstance.ProtectionStatus == 1
      strStatus = "PROTECTION ON"
   EndIf
   Message("Drive: ":objInstance.DriveLetter, "Encryption status: ":strStatus)
Next

Exit
Deana F.
Technical Support
Wilson WindowWare Inc.

luciotorres

Perfect Deana !

Now I can get the remote information about bitlocker !

Thank you for your help.

:D