Asset Management Suite


Bitlocker Information from Altiris 7.x 

Apr 10, 2013 03:29 PM

There are two parts to this guide: getting the BitLocker status of each drive into Altiris, and getting the recovery key into Altiris. Both are custom inventories, so each one starts with creating a custom data class.

Let's start with the expanded BitLocker status. I had found an article on this site before that would give you the protection status only, which was useful, but I wanted more information. The custom data class I use has 7 columns:

expanded bitlocker dadta class.jpg

I then used the script below to gather the information for all disks in the system. Make sure to replace the data class GUID below with the one from your own custom data class (re-saving a data class assigns it a new GUID, so the script has to be updated whenever you do that), and tick "Allow multiple rows from a single computer resource" on the data class so that every drive gets its own row:

'Custom inventory script: gathers BitLocker status for every encryptable volume on the
'machine and posts it to the Notification Server using the Altiris NSE component.
'===================================================================================================================

Dim strComputer, objWMIService, objCIMObj, objItem
Dim nse, objDCInstance, objDataClass, objDataRow
Dim arEncryptionMethod, arProtectionStatus, arConversionStatus, arLockStatus
Dim EncryptionMethod, ProtectionStatus, ConversionStatus, EncryptionPercentage, LockStatus

'Create instance of Wbem service object and connect to the BitLocker namespace
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\CIMv2\Security\MicrosoftVolumeEncryption")

'Fire WMI Query (48 = wbemFlagReturnImmediately + wbemFlagForwardOnly); the commented line limits it to one drive
Set objCIMObj = objWMIService.ExecQuery("Select * from Win32_EncryptableVolume",,48)
'Set objCIMObj = objWMIService.ExecQuery("Select * from Win32_EncryptableVolume Where DriveLetter = 'C:'")

'===================================================================================================================

'Create instance of Altiris NSE component
Set nse = WScript.CreateObject ("Altiris.AeXNSEvent")

'Set the header data of the NSE
'Please don't modify this GUID
nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"
nse.Priority = 1

'Create Inventory data block. The data class with the GUID below must already exist on the server
'(replace it with your own GUID; the data class name also works here)
Set objDCInstance = nse.AddDataClass ("{dd92d9ec-861d-4879-8af3-8b6cf9deb510}")
Set objDataClass = nse.AddDataBlock (objDCInstance)

'Lookup tables for the numeric codes returned by Win32_EncryptableVolume, indexed by code.
'Encryption methods 5-7 exist on newer Windows versions; without them a client that reports
'code 7 (XTS AES 256) fails with "Subscript out of range" and nothing is posted.
arEncryptionMethod = Array("None", "AES 128 With Diffuser", "AES 256 With Diffuser", "AES 128", "AES 256", _
                           "Hardware Encryption", "XTS AES 128", "XTS AES 256")
arProtectionStatus = Array("Protection Off", "Protection On", "Protection Unknown")
arConversionStatus = Array("Fully Decrypted", "Fully Encrypted", "Encryption In Progress", "Decryption In Progress", "Encryption Paused", "Decryption Paused")
arLockStatus = Array("Unlocked", "Locked")

For Each objItem In objCIMObj
    'Each Get* method hands its result back through the ByRef argument
    objItem.GetEncryptionMethod EncryptionMethod
    objItem.GetProtectionStatus ProtectionStatus
    objItem.GetConversionStatus ConversionStatus, EncryptionPercentage 'percentage of the volume that is encrypted
    objItem.GetLockStatus LockStatus
    'Key protector IDs are not stored in this data class, so GetKeyProtectors is not called here

    'Add a new row (the data class must allow multiple rows from a single computer resource)
    Set objDataRow = objDataClass.AddRow
    'Set columns, in the order the data class defines them
    objDataRow.SetField 0, objItem.DeviceID
    objDataRow.SetField 1, objItem.DriveLetter
    objDataRow.SetField 2, arEncryptionMethod(EncryptionMethod)
    objDataRow.SetField 3, arProtectionStatus(ProtectionStatus)
    objDataRow.SetField 4, arConversionStatus(ConversionStatus)
    objDataRow.SetField 5, EncryptionPercentage & "%"
    objDataRow.SetField 6, arLockStatus(LockStatus)
Next

nse.SendQueued

Results:

expanded bitlocker status.JPG
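As an added example (it is not part of the original article and not the author's code), the decoding above can be made robust against two things that break an inventory run in the field: a status code that the lookup table does not know (later Windows versions added encryption methods 5 to 7), and a GetKeyProtectors call on a drive that has no protectors. The code tables follow Microsoft's documentation for Win32_EncryptableVolume; the function names DecodeCode and KeyProtectorSummary, the "Unknown (n)" format and the echo layout are choices made for this example.

```vbscript
' Added example, not from the original article. Decodes Win32_EncryptableVolume
' status codes through a guarded lookup that never raises "Subscript out of range",
' and names each volume's key protectors with GetKeyProtectorType. Code tables are
' from Microsoft's Win32_EncryptableVolume documentation; the function names, the
' "Unknown (n)" format and the output layout are this example's own choices.
Option Explicit

Const ENC_NAMESPACE = "winmgmts:{impersonationLevel=impersonate}!\\.\root\CIMv2\Security\MicrosoftVolumeEncryption"

' Look a numeric code up in arNames; return "Unknown (n)" for anything outside the
' table. Newer Windows builds added encryption methods 5-7 after scripts like the
' one above were written, which is the "value 7" failure reported in the comments.
Function DecodeCode(arNames, code)
    DecodeCode = "Unknown (" & code & ")"
    If IsNull(code) Or IsEmpty(code) Then Exit Function
    If code >= LBound(arNames) And code <= UBound(arNames) Then DecodeCode = arNames(code)
End Function

' Return the protector types of one volume as "TPM; Numerical Password", or a short
' reason when there are none. Both the return code and the out-parameter of
' GetKeyProtectors are checked: a drive without BitLocker may return a non-zero code
' and no array at all, and a For Each over a non-array is a runtime error.
Function KeyProtectorSummary(objVolume)
    Dim arTypeNames, arIDs, strID, lngType, ret, strOut
    arTypeNames = Array("Unknown", "TPM", "External Key", "Numerical Password", "TPM And PIN", _
                        "TPM And Startup Key", "TPM And PIN And Startup Key", "Public Key", _
                        "Passphrase", "TPM Certificate", "CNG Protector")
    ret = objVolume.GetKeyProtectors(0, arIDs)      ' type 0 = every protector type
    If ret <> 0 Or Not IsArray(arIDs) Then
        KeyProtectorSummary = "None (return code " & ret & ")"
        Exit Function
    End If
    strOut = ""
    For Each strID In arIDs
        If objVolume.GetKeyProtectorType(strID, lngType) = 0 Then
            If Len(strOut) > 0 Then strOut = strOut & "; "
            strOut = strOut & DecodeCode(arTypeNames, lngType)
        End If
    Next
    If Len(strOut) = 0 Then strOut = "None"
    KeyProtectorSummary = strOut
End Function

Dim objWMI, objVolume, arEncMethod, arProtection, lngMethod, lngProt
arEncMethod = Array("None", "AES 128 With Diffuser", "AES 256 With Diffuser", "AES 128", "AES 256", _
                    "Hardware Encryption", "XTS AES 128", "XTS AES 256")
arProtection = Array("Protection Off", "Protection On", "Protection Unknown")

Set objWMI = GetObject(ENC_NAMESPACE)
For Each objVolume In objWMI.ExecQuery("SELECT * FROM Win32_EncryptableVolume")
    objVolume.GetEncryptionMethod lngMethod
    objVolume.GetProtectionStatus lngProt
    WScript.Echo objVolume.DriveLetter & "  " & DecodeCode(arEncMethod, lngMethod) & " | " & _
                 DecodeCode(arProtection, lngProt) & " | " & KeyProtectorSummary(objVolume)
Next
```

Run it with cscript //nologo from an elevated prompt so the output goes to the console. In the inventory script, wrapping each array lookup in DecodeCode means a code the table does not know arrives in the data class as "Unknown (7)" instead of aborting the whole run, which is the safer failure mode for a fleet-wide inventory.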

 

The next script and custom data class gather the recovery keys. Two cautions before you roll this out: a recovery password unlocks the drive, so anyone who can run a report against this data class can read it, and the script below stages the manage-bde output in a plain-text file on the client until it is deleted at the end of the run. Once again we start with a custom data class:

Bitlocker recovery data class.JPG

Then the script:

strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\CIMv2\Security\MicrosoftVolumeEncryption")

Set objCIMObj = objWMIService.ExecQuery("Select * from Win32_EncryptableVolume",,48)
'Set objCIMObj = objWMIService.ExecQuery("Select * from Win32_EncryptableVolume Where DriveLetter = 'C:'")

Dim nse
Set nse = WScript.CreateObject ("Altiris.AeXNSEvent")

nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"
nse.Priority = 1

Dim objDCInstance
Set objDCInstance = nse.AddDataClass ("{0683de19-a007-4eba-9ad5-32748a52ef14}")

Dim objDataClass
Set objDataClass = nse.AddDataBlock (objDCInstance)

'Shell and file system objects are created once, not once per volume
Set oShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
strKeyFile = "C:\keys.txt"   'the recovery password sits in this file in plain text until it is deleted below

For Each objItem In objCIMObj
    'Dump the key protectors for this drive; /C closes the cmd window as soon as manage-bde returns
    oShell.Run "cmd /C manage-bde -protectors -get " & objItem.DriveLetter & " > """ & strKeyFile & """", 0, True

    'Keep the last non-blank line of the output. This is the recovery password only when
    'manage-bde prints the numerical password protector last; on a drive without BitLocker
    'it is manage-bde's error text instead. strLine is reset so a drive with no output
    'cannot inherit the previous drive's key.
    strLine = ""
    Set objFile = objFSO.OpenTextFile(strKeyFile, 1)
    Do Until objFile.AtEndOfStream
        strNextLine = Trim(objFile.ReadLine)
        If Len(strNextLine) > 0 Then strLine = strNextLine
    Loop
    objFile.Close

    Dim objDataRow
    Set objDataRow = objDataClass.AddRow
    objDataRow.SetField 0, objItem.DriveLetter
    objDataRow.SetField 1, strLine
Next

'Remove the staging file; a plain delete does not wipe the blocks, so keep the file's life short
If objFSO.FileExists(strKeyFile) Then objFSO.DeleteFile strKeyFile, True

nse.SendQueued

 

Then the results:

Bitlocker Recovery2.JPG
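The same data can be read directly from WMI, which removes the manage-bde call, the plain-text staging file and the guess about which output line holds the key. The following is an added example, not the article's script: it uses the Win32_EncryptableVolume methods GetKeyProtectors (filtered to numerical password protectors) and GetKeyProtectorNumericalPassword, and posts one row per recovery password. It assumes a custom data class named "Bitlocker Recovery Key" (a name chosen for this example, not the one in the article) with three columns in this order, Drive Letter, Key Protector ID and Recovery Password, with "Allow multiple rows from a single computer resource" enabled; the recipient GUID is the fixed one used by the article's scripts.

```vbscript
' Added example, not from the original article. Reads each volume's numerical
' password (the recovery key) through WMI and posts it to an Altiris custom data
' class: no manage-bde call, no plain-text file on disk, no parsing of console output.
' Assumptions (not from the article): a custom data class named "Bitlocker Recovery Key"
' with three columns in this order, Drive Letter, Key Protector ID, Recovery Password,
' and "Allow multiple rows from a single computer resource" enabled.
Option Explicit

Const ENC_NAMESPACE = "winmgmts:{impersonationLevel=impersonate}!\\.\root\CIMv2\Security\MicrosoftVolumeEncryption"
Const NS_INVENTORY_RECIPIENT = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"   ' fixed recipient GUID from the article
Const KP_NUMERICAL_PASSWORD = 3   ' GetKeyProtectors filter: numerical password protectors only

' Return an array of Array(protectorID, password) pairs for one volume; empty when the
' volume has no numerical password protector or a WMI call fails. Every protector is
' collected, because a volume may carry several recovery passwords and the recovery
' screen names the protector ID whose password must be typed.
Function RecoveryPasswords(objVolume)
    Dim arIDs, strID, strPassword, arPairs, n
    arPairs = Array()
    If objVolume.GetKeyProtectors(KP_NUMERICAL_PASSWORD, arIDs) <> 0 Or Not IsArray(arIDs) Then
        RecoveryPasswords = arPairs
        Exit Function
    End If
    n = 0
    For Each strID In arIDs
        If objVolume.GetKeyProtectorNumericalPassword(strID, strPassword) = 0 Then
            ReDim Preserve arPairs(n)
            arPairs(n) = Array(strID, strPassword)
            n = n + 1
        End If
    Next
    RecoveryPasswords = arPairs
End Function

Dim objWMI, objVolume, nse, objDCInstance, objDataClass, objRow, arPair

Set nse = WScript.CreateObject("Altiris.AeXNSEvent")
nse.To = NS_INVENTORY_RECIPIENT
nse.Priority = 1
' The data class is addressed by name rather than GUID, so re-saving the class does not break the script.
Set objDCInstance = nse.AddDataClass("Bitlocker Recovery Key")
Set objDataClass = nse.AddDataBlock(objDCInstance)

Set objWMI = GetObject(ENC_NAMESPACE)
For Each objVolume In objWMI.ExecQuery("SELECT * FROM Win32_EncryptableVolume")
    For Each arPair In RecoveryPasswords(objVolume)
        Set objRow = objDataClass.AddRow
        objRow.SetField 0, objVolume.DriveLetter
        objRow.SetField 1, arPair(0)   ' protector ID ({GUID}), the one shown on the recovery screen
        objRow.SetField 2, arPair(1)   ' 48-digit recovery password
    Next
Next

nse.SendQueued
```

Drives with no numerical password protector contribute no row, so an absent row is itself useful information in a report. Reading the password through WMI needs administrative rights, which the Altiris agent's LocalSystem context provides; what does not change is that the rows land in a data class anyone with report rights on it can read, so the Notification Server security roles for that class deserve the same care as the keys themselves.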

I hope this article helps you manage BitLocker info a little better. We are currently working on a way to move the data over to the Asset side so it's not quite as volatile.


Comments

May 01, 2017 02:19 PM

Now if they had a "Like" button I would have tapped it for you.

I appreciate everything on these, as they are awesome to have and made things easier for me. BIGTIME...

Even with my non-knowledge on this, I was able to edit and fix what I needed...

Keep 'em coming!

May 01, 2017 10:23 AM

I was getting ready to post that update as well!  With the new versions of Windows and bitlocker these fields will continue to change.  The script will need to be modified to match.

Apr 26, 2017 03:36 PM

OK, I figured it out.

The array was missing fields, so I added them.

See below:

 

arEncryptionMethod = Array("None", "AES 128 With Diffuser", "AES 256 With Diffuser", "AES 128", "AES 256", "Hardware Encryption", "XTS AES 128", "XTS AES 256")

Apr 26, 2017 02:50 PM

OK, I was able to get it working, BUT the one line was killing it for me. I am not great at this, but still..

A 7 was retrieved and I do not know how to interpret that, so I simply put a "Not Available" in that field, waiting to see what y'all think on how to fix this. I am guessing the array doesn't account for the value 7?

So I did this:
 objDataRow.SetField 2, "Not Available" ' commented out arEncryptionMethod(EncryptionMethod)

Apr 26, 2017 12:29 PM

Seems some of us need to name our rows in the data class correctly... hah..

On the first ones I didn't add the _initial on them.

Working great! Thanks!

 

Apr 26, 2017 11:48 AM

I just set this up as well. Interestingly enough, I get all of the info in my .ok file but it isn't uploading to the server. I know that typically is the data class name, but I also chose what you did, Microsoft TPM.

I'm just stumped, as I have the inventory file but it's not uploading to the server.

Apr 26, 2017 11:21 AM

dupe - sorry

 

 

Apr 26, 2017 10:57 AM

Wow, this is great. Started setting it up but I'm having issues.

I had to comment out a line as it would fail on it:

objItem.GetKeyProtectors 0,VolumeKeyProtectorID

So I threw wscript.echo in there to see what's going on. All in attached pic.

Any help greatly appreciated as we are going BitLocker.

 

 

Oct 28, 2014 11:36 AM

If anyone is looking to collect TPM status, here is the script to collect it.  I set my custom data class as "Microsoft TPM".

'------------------------------------------------------------------------------------

'ExecQuery flags: these are not predefined in VBScript, so declare them or they evaluate to Empty
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Security\MicrosoftTpm")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Tpm", "WQL", _
                                        wbemFlagReturnImmediately + wbemFlagForwardOnly)

'============================================
'Create instance of Altiris NSE component
Dim nse
Set nse = WScript.CreateObject ("Altiris.AeXNSEvent")
nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"
nse.Priority = 1

Dim objDCInstance
'my custom data class, addressed by name
Set objDCInstance = nse.AddDataClass ("Microsoft TPM")

Dim objDataClass
Set objDataClass = nse.AddDataBlock (objDCInstance)

Dim objInfo, objDataRow
For Each objInfo In colItems 'script crash here because invalid data

    Set objDataRow = objDataClass.AddRow

    'Columns in the order of the "Microsoft TPM" data class
    objDataRow.SetField 0, objInfo.IsActivated_InitialValue
    objDataRow.SetField 1, objInfo.IsEnabled_InitialValue
    objDataRow.SetField 2, objInfo.IsOwned_InitialValue
    objDataRow.SetField 3, objInfo.ManufacturerId
    objDataRow.SetField 4, objInfo.ManufacturerVersion
    objDataRow.SetField 5, objInfo.ManufacturerVersionInfo
    objDataRow.SetField 6, objInfo.PhysicalPresenceVersionInfo
    objDataRow.SetField 7, objInfo.SpecVersion

Next
nse.SendQueued

'---------------------------------------------------------------------------

Jun 26, 2014 04:07 PM

Great article. Thumbs up from me!

I would only add that you can use the exact name of your custom inventory class instead of the GUID.

So instead of

set objDCInstance = nse.AddDataClass ("{0683de19-a007-4eba-9ad5-32748a52ef14}")

you could use

set objDCInstance = nse.AddDataClass ("Expanded Bitlocker Status")

This way you do not need to worry about the GUID anymore.

 

Jun 26, 2014 12:36 PM

This is a great start. Please do not stop here. How can Symantec make a BitLocker and TPM enabler/status function native within Altiris?

 

Oct 29, 2013 12:55 PM

This is great! Thanks for putting this article together, as it solved a major need for me.

I'd just add: be sure to check ON "Allow multiple rows from a single computer resource", as this will return information on all attached drives. Remember that if you re-save your custom data class, a new GUID will be assigned, so the inventory script has to be updated with the new GUID.
