?
Solved

WMI Query for BitLocker status on C drive in Task Sequence in SCCM

Posted on 2013-06-24
2
Medium Priority
?
3,925 Views
Last Modified: 2013-07-02
I need to put a bit of logic in my task sequence that will only deploy a package if the C drive is not encrypted (there are two volumes on our machines)

strComputer = "." 
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2\Security\MicrosoftVolumeEncryption") 
' Obtain an instance of the the class 
' using a key property value.
Set objShare = objWMIService.Get("Win32_EncryptableVolume.DeviceID='\\?\Volume{1e2a7781-dd0f-11e2-90bf-24be05232bd4}\'")

' no InParameters to define

' Execute the method and obtain the return status.
' The OutParameters object in objOutParams
' is created by the provider.
Set objOutParams = objWMIService.ExecMethod("Win32_EncryptableVolume.DeviceID='\\?\Volume{1e2a7781-dd0f-11e2-90bf-24be05232bd4}\'", "GetLockStatus")

' List OutParams
Wscript.Echo "Out Parameters: "
Wscript.echo "LockStatus: " & objOutParams.LockStatus
Wscript.echo "ReturnValue: " & objOutParams.ReturnValue

Open in new window


How do I get to the point of identifying the C drive as the volumes are shown as security identifiers?

Can anyone assist?
0
Comment
Question by:aideb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 39273843
Powershell
$BitLockDrive = get-wmiobject -ComputerName "." -namespace root\CIMv2\Security\MicrosoftVolumeEncryption `
        -class Win32_EncryptableVolume `
        | select DriveLetter, IsVolumeInitializedforProtection
foreach( $drive in $BitLockDrive) {
#$Write-Output ($drive.DriveLetter)
If (($drive.DriveLetter -eq "C:" ) -and ($drive.IsVolumeInitializedforProtection -like "False") )
    {
   # This Drive is Not Encrypted
    $drive.DriveLetter
    $drive.IsVolumeInitializedForProtection
    }
}
     

Open in new window

0
 
LVL 2

Author Closing Comment

by:aideb
ID: 39294777
Thanks for a great solution!
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question