Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.5 available

The official documentation can be found on http://wiki.ocsinventory-ng.org. Read it before asking your question.

How to get the amount of Bitlocker protected HDD?

Dear OCS Team,

fist of all I would like to say Thank You for such a great product, it is really cool!

Could you please advise whether is possible to collect inventory for the Windows 10 machines that have enabled Bitlocker protection on their HDD?

Thank you very much,
Rostyslav
asked in OCS Inventory NG agent for Windows by (440 points)

9 Answers

0 votes
 
Best answer
hy, if there is no working registry key (because the key does not exists at all) you have 2 choices

1. create a script which creates a registry key for you

2. create a script which returns the errolevel to OCS-Inventory

Example for Bitlocker Protection check on drive c

@echo off
manage-bde -status | findstr "protection on"
if %errorlevel% == 1 goto isoff
goto end
:isoff
rem Bitlocker ist not enabled on drive c - return 111 to ocs
exit /b 111
goto end
:end
rem if errorlevel is 0 Bitlocker is on
rem if errorlevel is 111 Bitlocker is off

Deploy the script - an after a while you see which computer has a enabled bitlocker HDD in the ocsinventory error stats

Kind regards
answered by (2.7k points)
selected by
0 votes
Hi @Rostyslav ,

yes, with OCS you can by querying the registry of your Windows machine :

HKLM \ SYSTEM \ CurrentControlSet \ Services \ BDESVC \ Start

For the displayed value of "Start" :

2 = Automatic
3 = Manual
4 = Disabled

Regards, Stéphane
answered by (22.5k points)
0 votes
Hello Stéphane,

I have compared the registry settings you've mentioned for the PC with and without bitlocker encrypted drives and, unfortunately, found no difference, meaning that the registry settings are identical  :(

I have googled, and it looks like that is not possible to pull the value from the registry which indicates the status of the HDD encryption

Just in case you have other ideas, please let me know

Thank you very much,

Rostyslav
answered by (440 points)
0 votes
Hi,

We have tested. OCS agent inventories the PC with Bitlocker enabled correctly. Tested with the last version.
Regards

Frank
answered by (61.6k points)
0 votes
Hello Frank,

thank you for your answer.

Just wanted to clarify one thing.  All the laptops (with bitlocker or or not) are inventoried properly, no issues with that.

The task I would like to solve is to get the information whether laptop has encrypted drives or not.

Sorry bothering you with that, just noticed the registry keys you've mentioned are identical for machines with encrypted and non-encrypted HDD

Thank you very much,

Rostyslav
answered by (440 points)
0 votes
Sounds good! I didn't know OCS agents can send the error codes into OCS server

Could you please share how it can be done?

Many thanks!
answered by (440 points)
0 votes
Hi,

We have currently developped a plugin for this. This is under testing and will be published in the next weeks.

Best regards

Frank
answered by (61.6k points)
0 votes
Hello Frank,

thanks for the good news!

may I ask you to let me know once plugin is available to download?

Many thanks again,

Rostyslav
answered by (440 points)
0 votes

Hi @Rostyslav ,

you can find in the following location the new plugin "bitlockerstatus" that corresponds to your request :

https://github.com/PluginsOCSInventory-NG/bitlockerstatus

Kind regards,

Stéphane

answered by (22.5k points)
 
Powered by Question2Answer
...