Reporting Bitlocker status

[FDrebin]

Would it be possible to have the status of Bitlocker encryption for any/all storage devices that are listed in the details page for each individual asset?

[Ylianst]

That is an interesting request, Bryan would have to look into this.

[FDrebin]

Thank you. Not sure what the agent uses, but Microsoft has some PowerShell commandlets for Bitlocker stuff such as https://docs.microsoft.com/en-us/powershell/module/bitlocker/get-bitlockervolume?view=win10-ps and via manage-bde-status .

Not sure how easy or difficult they are to incorporate. But I appreciate your time.

[krayon007]

Thank you. Not sure what the agent uses, but Microsoft has some PowerShell commandlets for Bitlocker stuff such as https://docs.microsoft.com/en-us/powershell/module/bitlocker/get-bitlockervolume?view=win10-ps and via manage-bde-status .

Not sure how easy or difficult they are to incorporate. But I appreciate your time.

Powershell is fairly easy to integrate, as I already integrate powershell for a few other things on windows as well... Thanks for sharing these docs, I can take a look at it...

[elpibedeoro]

Hi,

Any updates about this ?

Thank you.

[krayon007]

I just implemented this... It'll be in the next update.

[elpibedeoro]

That's a great news, thank you !!!

[elpibedeoro]

Hi Bryan,

Couldn't find this information in the detail page. Do I have to do anything to show it ?
Thank you in advance.

[krayon007]

if you type sysinfo in the console tab, does it show up in there? I'm not sure if @Ylianst added this info in the details page.

[elpibedeoro]

Hi,

No information about Bitlocker in sysinfo.

[krayon007]

From an elevated Powershell command prompt, run the following command:

Get-BitLockerVolume | Select-Object -Property MountPoint,VolumeStatus,ProtectionStatus | ConvertTo-Csv -NoTypeInformation

Does that return anything?

[elpibedeoro]

Hi,

Yes, it returns something like that:

"MountPoint","VolumeStatus","ProtectionStatus"
"C:","FullyEncrypted","On"
"E:","FullyDecrypted","Off"

[elpibedeoro]

Hi,

Any news about this ?

Thank you.

[si458]

you can run volumes from the console tab and get a reply which shows if a parition is encrypted or not EncryptionMethod
the is also code already built into the agent side, it just wasnt added to the server side so ill look into it for you

> volumes
{
 "\\\\?\\Volume{0c6dfeb8-326e-4256-8acb-bfdc4eb63e3f}\\": {
  "Automount": true,
  "BlockSize": "4096",
  "BootVolume": true,
  "Capacity": "1022439526400",
  "Caption": "C:\\",
  "Compressed": false,
  "DeviceID": "\\\\?\\Volume{0c6dfeb8-326e-4256-8acb-bfdc4eb63e3f}\\",
  "DirtyBitSet": false,
  "DriveLetter": "C:",
  "DriveType": 3,
  "FileSystem": "NTFS",
  "FreeSpace": "606204665856",
  "IndexingEnabled": true,
  "Label": "OS",
  "MaximumFileNameLength": 255,
  "Name": "C:\\",
  "PageFilePresent": true,
  "QuotasEnabled": false,
  "QuotasIncomplete": false,
  "QuotasRebuilding": false,
  "SerialNumber": 2318608525,
  "SupportsDiskQuotas": true,
  "SupportsFileBasedCompression": true,
  "SystemName": "SIVIVOBOOK",
  "ConversionStatus": 1,
  "EncryptionMethod": 6,
  "IsVolumeInitializedForProtection": true,
  "PersistentVolumeID": "{F898FFB2-83B0-40FB-B2AC-E12213F565E9}",
  "ProtectionStatus": 1
 },
 "\\\\?\\Volume{598ffe8f-3d89-4112-be2e-9651221ab61e}\\": {
  "Automount": true,
  "BlockSize": "4096",
  "BootVolume": false,
  "Capacity": "1205858304",
  "Caption": "\\\\?\\Volume{598ffe8f-3d89-4112-be2e-9651221ab61e}\\",
  "Compressed": false,
  "DeviceID": "\\\\?\\Volume{598ffe8f-3d89-4112-be2e-9651221ab61e}\\",
  "DirtyBitSet": false,
  "DriveType": 3,
  "FileSystem": "NTFS",
  "FreeSpace": "63684608",
  "IndexingEnabled": true,
  "Label": "RECOVERY",
  "MaximumFileNameLength": 255,
  "Name": "\\\\?\\Volume{598ffe8f-3d89-4112-be2e-9651221ab61e}\\",
  "PageFilePresent": false,
  "QuotasEnabled": false,
  "QuotasIncomplete": false,
  "QuotasRebuilding": false,
  "SerialNumber": 1147505330,
  "SupportsDiskQuotas": true,
  "SupportsFileBasedCompression": true,
  "SystemName": "SIVIVOBOOK"
 },
 "\\\\?\\Volume{0cce5afd-cda9-465b-8752-65f7e127fcb8}\\": {
  "Automount": true,
  "BlockSize": "4096",
  "BootVolume": false,
  "Capacity": "268435456",
  "Caption": "\\\\?\\Volume{0cce5afd-cda9-465b-8752-65f7e127fcb8}\\",
  "DeviceID": "\\\\?\\Volume{0cce5afd-cda9-465b-8752-65f7e127fcb8}\\",
  "DirtyBitSet": false,
  "DriveType": 3,
  "FileSystem": "FAT32",
  "FreeSpace": "186609664",
  "Label": "MYASUS",
  "MaximumFileNameLength": 255,
  "Name": "\\\\?\\Volume{0cce5afd-cda9-465b-8752-65f7e127fcb8}\\",
  "PageFilePresent": false,
  "SerialNumber": 3635382233,
  "SupportsDiskQuotas": false,
  "SupportsFileBasedCompression": false,
  "SystemName": "SIVIVOBOOK"
 },
 "\\\\?\\Volume{5d7fceb2-e3b7-4e5e-8d52-b759c99324d7}\\": {
  "Automount": true,
  "BlockSize": "4096",
  "BootVolume": false,
  "Capacity": "268435456",
  "Caption": "\\\\?\\Volume{5d7fceb2-e3b7-4e5e-8d52-b759c99324d7}\\",
  "DeviceID": "\\\\?\\Volume{5d7fceb2-e3b7-4e5e-8d52-b759c99324d7}\\",
  "DirtyBitSet": false,
  "DriveType": 3,
  "FileSystem": "FAT32",
  "FreeSpace": "231571456",
  "Label": "SYSTEM",
  "MaximumFileNameLength": 255,
  "Name": "\\\\?\\Volume{5d7fceb2-e3b7-4e5e-8d52-b759c99324d7}\\",
  "PageFilePresent": false,
  "SerialNumber": 3727788022,
  "SupportsDiskQuotas": false,
  "SupportsFileBasedCompression": false,
  "SystemName": "SIVIVOBOOK"
 }
}

[si458]

just doing a PR for this, got it sending the bitlocker to server now and just designing the web ui
how does this look?

[si458]

input on this please? #5746