Determine which computers have Bitlocker installed?

I've gotten a request to determine which computers on our network have Bitlocker enabled on their hard disks. What can I run to find this out?
Asked by: vitalsign0
 
Ashok Dewan (Freelancer) commented:
You can check with the help of this command:

    manage-bde -status

For more info, check this link: http://www.forensicswiki.org/wiki/BitLocker_Disk_Encryption
 
vitalsign0 (author) commented:
Ok, that's a start. How could I put that in a script file to query against a list of PC names?
 
adamnl commented:
To check BitLocker status on a remote PC:

    manage-bde -status -cn COMPUTERNAME


To change a BitLocker TPM PIN on a remote PC connected to a domain:

    manage-bde -changepin -cn COMPUTERNAME

To add a BitLocker recovery key to Active Directory for a remote PC:

    manage-bde -protectors -add C: -cn COMPUTERNAME


Please note that your AD has to have the necessary schema extensions before the above command will work.
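
Added example (not part of any reply in this thread): one way to run the remote status check above against a list of PC names and collect the results in a CSV. The file names `computers.txt` and `bitlocker-status.csv` and both function names are assumptions, and the parser assumes English `manage-bde` output. It records Protection Status next to Conversion Status because a fully encrypted volume can still have protection suspended.

```powershell
# Added example. Hypothetical names: computers.txt (one host name per line),
# bitlocker-status.csv, and both functions. Assumes English manage-bde output.

function ConvertFrom-ManageBdeStatus {
    # Turn the text printed by "manage-bde -status" into one object per volume.
    param([string]$Computer, [string[]]$Lines)
    $vol = $null
    foreach ($line in $Lines) {
        if ($line -match '^Volume\s+(\S+)') {
            if ($vol) { [pscustomobject]$vol }      # emit the previous volume
            $vol = [ordered]@{ Computer = $Computer; Volume = $Matches[1]
                               Conversion = ''; Protection = '' }
        }
        elseif ($vol -and $line -match '^\s*Conversion Status:\s*(.+?)\s*$') { $vol.Conversion = $Matches[1] }
        elseif ($vol -and $line -match '^\s*Protection Status:\s*(.+?)\s*$') { $vol.Protection = $Matches[1] }
    }
    if ($vol) { [pscustomobject]$vol }              # emit the last volume
}

function Get-RemoteBitLockerStatus {
    param([string[]]$ComputerName)
    foreach ($name in $ComputerName) {
        $out  = & manage-bde.exe -status -cn $name 2>&1 | ForEach-Object { "$_" }
        $rows = @(ConvertFrom-ManageBdeStatus -Computer $name -Lines $out)
        if (-not $rows) {
            # Nothing parsed: host unreachable, access denied, or no BitLocker tools
            $rows = @([pscustomobject]@{ Computer = $name; Volume = ''
                                         Conversion = 'QUERY FAILED'; Protection = '' })
        }
        $rows
    }
}

# Constructed sample of manage-bde output, so the parser can be tried offline
$sample = @'
Volume C: [OS]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
Volume D: [Data]
[Data Volume]
    Conversion Status:    Fully Decrypted
    Protection Status:    Protection Off
'@ -split "`r?`n"
ConvertFrom-ManageBdeStatus -Computer 'PC-SAMPLE' -Lines $sample | Format-Table

# Real run: only when the (hypothetical) host list exists
if (Test-Path .\computers.txt) {
    Get-RemoteBitLockerStatus (Get-Content .\computers.txt) |
        Export-Csv .\bitlocker-status.csv -NoTypeInformation
}
```

Hosts that appear with `QUERY FAILED` were not confirmed either way and need a follow-up check rather than being counted as unencrypted.
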
 
McKnife commented:
I would use a domain startup script.

    manage-bde -status |findstr /C:"Fully Encrypted" && manage-bde -status > \\server\share\bitlockerstatus\%computername%.txt

Whenever BL is used and at least one partition is fully encrypted, this script will produce a text file named after the encrypted computer.