Hi Stephen,
I'm doing the SAME. EXACT. THING.
Do we work for the same company? :-)
I'm writing a healthcheck script that will validate executables, services, processes and registry settings. It will fix registry settings to our defaults (in the event of a bad install). Also, it will create a new WMI class to store the encryption status so we can write it to SCCM 2012.
Monitored Executable: C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT ENCRYPTION CLIENTS\EACOMMUNICATORSRV.EXE
Monitored Service: EAFRCLIMANAGER
Monitored Processes: EACOMMUNICATORSRV.EXE, EAFRCLIMANAGER.EXE, EAFRCLISTART.EXE
Registry settings are a little tricky as you will need to take ownership AND grant read permissions on the following (make sure you restore to original after querying):
HKLM\Software\Encryption Anywhere\Framework
HKLM\Software\Encryption Anywhere\Framework\Client Database
HKLM\Software\Encryption Anywhere\Hard Disk
HKLM\Software\Encryption Anywhere\Hard Disk\Client Database
HKLM\Software\Encryption Anywhere\Hard Disk\EAFS
HKLM\Software\Encryption Anywhere\Hard Disk\EAFS\Disk0
Once permissions are set, I retrieve the following values:
KEY: HKLM\Software\Encryption Anywhere\Framework
VALUE: ProductVersion
VALUE: ProductBuild
KEY: HKLM\Software\Encryption Anywhere\Framework\Client Database
VALUE: ServerLocation - this is the URL to the web service that handles requests to the SEE db (format is http://SERVER:PORT/GECommunicationWS.asmx)
VALUE: ServerName -- this is the Server Name in FQDN format
KEY: HKLM\Software\Encryption Anywhere\Hard Disk\EAFS\Disk0
VALUE: StatusEncrypted -- comma-delimited list of drives that are encrypted
VALUE: StatusDecrypted -- comma-delimited list of drives that are decrypted
VALUE: StatusEncryptionInProgress -- comma-delimited list of drives that are encrypting
VALUE: StatusDecryptionInProgress -- comma-delimited list of drives that are decrypting
KEY: HKLM\Software\Encryption Anywhere\Hard Disk\Client Database
VALUE: LastContactTimestamp -- last check-in in hex format of # of days/hours/mins since 01/01/1970 (e.g., 0x522DD226 is 9/9/13 1:49PM EST)
VALUE: NoContactDaysMax -- we have ours set to lock out the machine if no contact after 45 days
VALUE: NoContactLockoutWarningDays -- and we start warning users 15 days before the lockout expiration
Would love to hear other suggestions from anyone else! I want to make my health-check tool as comprehensive as possible.
Good luck to you,
Roland Thomas
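
Added example, not part of the original post or of Symantec's tooling: a PowerShell sketch of how a health check could interpret the Client Database and Disk0 values listed above. The function name `Get-SeeClientHealth`, the `C:,D:` drive-list format and the reading of LastContactTimestamp as seconds since 1970-01-01 UTC are assumptions, and the sample values are constructed.

```powershell
function Get-SeeClientHealth {
    param(
        [Parameter(Mandatory = $true)] [hashtable] $ClientDatabase,  # ...\Hard Disk\Client Database
        [Parameter(Mandatory = $true)] [hashtable] $Disk0,           # ...\Hard Disk\EAFS\Disk0
        [datetime] $Now = [datetime]::UtcNow
    )
    # Assumption: the DWORD counts seconds since 1970-01-01 UTC.
    $epoch = New-Object System.DateTime (1970, 1, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
    $lastContact = $epoch.AddSeconds([int64]$ClientDatabase.LastContactTimestamp)
    $daysSilent = [int][math]::Floor(($Now - $lastContact).TotalDays)
    $daysLeft = [int]$ClientDatabase.NoContactDaysMax - $daysSilent

    # Same thresholds the post describes: warn inside the warning window, lock out at zero.
    if ($daysLeft -le 0) {
        $contactState = 'LockedOut'
    } elseif ($daysLeft -le [int]$ClientDatabase.NoContactLockoutWarningDays) {
        $contactState = 'Warning'
    } else {
        $contactState = 'OK'
    }

    # Split each comma-delimited drive list, dropping blanks.
    $names = 'StatusEncrypted', 'StatusDecrypted',
             'StatusEncryptionInProgress', 'StatusDecryptionInProgress'
    $drives = @{}
    foreach ($name in $names) {
        $drives[$name] = @("$($Disk0[$name])" -split ',' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    $notEncrypted = $drives.StatusDecrypted.Count +
        $drives.StatusEncryptionInProgress.Count + $drives.StatusDecryptionInProgress.Count

    [pscustomobject]@{
        LastContactUtc     = $lastContact
        DaysSinceContact   = $daysSilent
        DaysUntilLockout   = $daysLeft
        ContactState       = $contactState
        EncryptedDrives    = $drives.StatusEncrypted
        FullyEncrypted     = ($drives.StatusEncrypted.Count -gt 0) -and ($notEncrypted -eq 0)
    }
}

# Constructed sample values. On a client they would come from Get-ItemProperty on the
# keys listed in the post, once read access is in place.
$clientDb = @{ LastContactTimestamp = 0x522DD226; NoContactDaysMax = 45; NoContactLockoutWarningDays = 15 }
$disk0 = @{ StatusEncrypted = 'C:,D:'; StatusDecrypted = ''
            StatusEncryptionInProgress = ''; StatusDecryptionInProgress = '' }
$now = New-Object System.DateTime (2013, 10, 12, 0, 0, 0, [System.DateTimeKind]::Utc)
Get-SeeClientHealth -ClientDatabase $clientDb -Disk0 $disk0 -Now $now
```

The returned object can be written to a custom WMI class or inventory record as-is, so the lockout countdown is reported alongside the encryption status.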