I was wondering if anyone has found a good way to report BitLocker encryption status using the KBOX? I have been searching online and found examples for other management software but nothing for the KBOX.

Thanks

Answers

0
I haven't tried, but from what you've found, what methods return values?

Answered 09/14/2011 by: scottlutz
Orange Senior Belt

0
You could write a PowerShell, AutoIT, or VBS script to detect status and write a registry value. You could then inventory that value.

From a quick Google search, all I could find dealt with WMI - based on that you'd have to use some sort of script to make something (e.g. reg value) for the K1000 to inventory.
Answered 09/15/2011 by: airwolf
Tenth Degree Black Belt

0
That sounds like a good start. I think I will try taking that path.
Answered 09/15/2011 by: profyt7
Senior Yellow Belt

0
Perhaps some combination of GetConversionStatus and this FAQ 968?
Answered 09/15/2011 by: GillySpy
Seventh Degree Black Belt

0
We place a VBScript on each machine, via File Sync, which writes the status of drives C, D, E to the registry via the ProtectionStatus value in Win32_EncryptableVolume. We also capture the recovery keys by writing the output of the command:

cmd /c manage-bde -protectors -get c: -type recoverypassword

to a string variable, and parse the string for the lines containing "Password:" and "ID:", then write those values to the registry for KBOX to pick up in a custom inventory rule (RegistryValueReturn).
The script is also launched during every inventory update via another custom inventory rule (ShellCommandTextReturn, which doesn't output anything, but does execute the script).

So worst case, after a couple of inventory updates on a new machine we have the status and recovery key stored in the machine's inventory record in KBOX.

We decided to update this with every machine inventory, since all of our users are local admins and there have been times where people have turned BitLocker off and back on (decrypt and re-encrypt), changing the recovery key, finding us in a position where we didn't have the recovery key when BitLocker decided to trip. Ideally this can all be done with group policy and Active Directory, but we had problems doing it that way, so KBOX to the rescue.

The script is very light, and the manage-bde command is a very quick execute, so this hourly run doesn't ever get noticed.
Answered 09/21/2011 by: mich3ael
Senior Yellow Belt

  • Hi, I have used File Sync to copy my VBScript to a folder on the C: drive but cannot get the script to run. Can you please advise how you force the script to run, and will it still run if UAC is enabled? Thanks
    • Found the answer: http://www.kace.com/de/support/resources/kb/article/Using-the-K1000-appliance-scripting-module
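
The status half of the procedure in the answer above, as an added PowerShell example (not the poster's VBScript and not part of the thread): it reads ProtectionStatus and GetConversionStatus from Win32_EncryptableVolume for drives C, D and E and writes one registry value per drive for a RegistryValueReturn rule to read. The registry key and the value names are assumptions chosen for illustration.

```powershell
# Added example, not the poster's script. Run elevated (e.g. as SYSTEM through
# the management agent): the BitLocker WMI namespace rejects standard users.
$RegKey = 'HKLM:\SOFTWARE\ExampleOrg\BitLockerStatus'  # hypothetical key (assumption)
$Drives = 'C:', 'D:', 'E:'                             # drives named in the answer

# Documented value meanings for Win32_EncryptableVolume.
$ProtectionText = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Unknown' }
$ConversionText = @{
    0 = 'FullyDecrypted';       1 = 'FullyEncrypted'
    2 = 'EncryptionInProgress'; 3 = 'DecryptionInProgress'
    4 = 'EncryptionPaused';     5 = 'DecryptionPaused'
}

function Get-BitLockerStatusText {
    param([string]$DriveLetter, [object[]]$Volumes)

    $vol = $Volumes | Where-Object { $_.DriveLetter -eq $DriveLetter }
    if (-not $vol) { return 'NotPresent' }   # no such volume on this machine

    $conv = Invoke-CimMethod -InputObject $vol -MethodName GetConversionStatus
    if ($conv.ReturnValue -ne 0) {
        return 'Error=0x{0:X8}' -f $conv.ReturnValue
    }
    'Protection={0}; Conversion={1}; Percent={2}' -f `
        $ProtectionText[[int]$vol.ProtectionStatus],
        $ConversionText[[int]$conv.ConversionStatus],
        $conv.EncryptionPercentage
}

# Default every drive to QueryFailed so a failed query is visible in inventory.
$results = @{}
foreach ($d in $Drives) { $results[$d] = 'QueryFailed' }
try {
    $volumes = @(Get-CimInstance -ClassName Win32_EncryptableVolume -ErrorAction Stop `
        -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption')
    foreach ($d in $Drives) { $results[$d] = Get-BitLockerStatusText $d $volumes }
} catch {
    # Namespace missing (edition without BitLocker) or not elevated: keep defaults.
}

if (-not (Test-Path $RegKey)) { New-Item -Path $RegKey -Force | Out-Null }
foreach ($d in $Drives) {
    New-ItemProperty -Path $RegKey -Name ('Drive_' + $d[0]) -Value $results[$d] `
        -PropertyType String -Force | Out-Null
}
# Timestamp lets a report flag machines whose stored status has gone stale.
New-ItemProperty -Path $RegKey -Name 'LastChecked' -Value (Get-Date -Format 's') `
    -PropertyType String -Force | Out-Null
```

Reporting on Protection=Off or on an old LastChecked value surfaces machines where BitLocker was turned off between inventory runs, which is the situation the answer describes.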
0
Version 6.4 makes this much easier and reports it in the inventory. Working on reporting based on that now myself.
Answered 01/20/2016 by: joe.pyrczak
Orange Senior Belt
