/build/static/layout/Breadcrumb_cap_w.png

Creating reports for all devices with and without bitlocker.

Hello, I start using KACE a couple of months ago. My goal is to create the custom inventory field and to get a report on all Win10 devices with and without BitLocker. Looking at some answers from this forum, found that you have to create a custom inventory field, but not sure about the steps when adding a BitLocker Status script: ShellCommandTextReturn(cmd /c %windir%\sysnative\Manage-BDE.exe -status) Since this is a production I would like to test on few machines first. Thank you Tim

0 Comments   [ + ] Show comments

Answers (2)

Posted by: Hobbsy 1 month ago
Red Belt
0

Using this as a Custom Inventory Field should create an entry in the Custom inventory section of any machine, with just the text displaying the status of the bitlocker installed on that device.


Running a custom inventory field has no effect on anything on the SMA so please do not be afraid to test the functionality. 

Posted by: Kiyolaka 1 month ago
Second Degree Green Belt
0

Custom inventory rules are run locally, on agent systems for the stoped OS(es) .


The command you have there is fairly straight forward.

The best way to test a CIR you're unsure of is to do so on developmental instance of the appliance so that code you've not validated isn't automatically running on machines when they perform their inventory cycle.


As for the query you referenced, it's a pretty simple one. I want to say that I had tried to use that one but ran into some nuances which I can't fully recall as it was a while ago. I want to say the data it provided was sometimes blank, hard to search when more then one fixed disk volume is listed and possibly some nuances related to drives that windows 10 pre-encrypted but diddnt enable bitlocker on. 


I ended up using this code which focuses specifically on the C: drive and gives me all specific values I'd want to query.


ShellCommandTextReturn(cmd.exe /c powershell.exe "Get-BitLockerVolume -MountPoint $env:SystemDrive| Select -Property MountPoint,EncryptionMethod,VolumeStatus,ProtectionStatus,KeyProtector|Format-List|Out-String|ForEach-Object {$_.Trim()}")


Systems that are encrypted and have bitlocker enabled  will report;


ProtectionStatus : On

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ