kryanC
asked on
Powershell to list all machines with Bitlocker Enabled
I'm trying to get a full list of machines that also identifies if bitlocker is enabled.
The following is a script that I was hoping to work however line 53
"if ($computer.name -match ('(' + [string]::Join(')|(', $bitlockerenabled) + ')'))"
throws:
"Exception calling "Join" with "2" argument(s): "Value cannot be null.
Parameter name: value"
At C:\Users\big.bob\Documents\New Users Scripts\Test4\BitLocker_Data.ps1:53 char:49
+ if ($computer.name -match ('(' + [string]::Join <<<< (')|(', $bitlockerenabled) + ')'))
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException"
#
#
# NAME: Get-BitlockerComputerReport.ps1
#
# AUTHOR: Jan Egil Ring
# EMAIL: jan.egil.ring@crayon.com
#
# COMMENT: Script to retrieve BitLocker-information for all computer objects with Windows 7 or Windows Vista in the current domain.
#
# The information will be exported to a CSV-file containing the following information:
# -Computername
# -OperatingSystem
# -HasBitlockerRecoveryKey
# -HasTPM-OwnerInformation
#
# Required version: Windows PowerShell 1.0 or 2.0
# Required snapins: Quest.ActiveRoles.ADManagement
# Required privileges: Read-permission on msFVE-RecoveryInformation objects and Read-permissions on msTPM-OwnerInformation on computer-objects (e.g. Domain Admins)
#
# For more information, see the following blog-post: http://blog.powershell.no/2010/10/24/export-bitlocker-information-using-windows-powershell
#
# You have a royalty-free right to use, modify, reproduce, and
# distribute this script file in any way you find useful, provided that
# you agree that the creator, owner above has no warranty, obligations,
# or liability for such use.
#
# VERSION HISTORY:
# 1.0 24.10.2010 - Initial release
#
#
#Custom variables
$CsvFilePath = "C:\BitLockerComputerReport.csv"
#Export computers not Bitlocker-enabled to a CSV-file
$BitLockerEnabled = Get-QADObject -SizeLimit 0 -IncludedProperties Name,ParentContainer | Where-Object {$_.type -eq "msFVE-RecoveryInformation"} | Foreach-Object {Split-Path -Path $_.ParentContainer -Leaf} | Select-Object -Unique
$computers = Get-QADComputer -SizeLimit 0 -IncludedProperties Name,OperatingSystem,msTPM-OwnerInformation | Where-Object {$_.operatingsystem -like "Windows 7*" -or $_.operatingsystem -like "Windows Vista*"} | Sort-Object Name
#Create array to hold computer information
$export = @()
foreach ($computer in $computers)
{
#Create custom object for each computer
$computerobj = New-Object -TypeName psobject
#Add name and operatingsystem to custom object
$computerobj | Add-Member -MemberType NoteProperty -Name Name -Value $computer.Name
$computerobj | Add-Member -MemberType NoteProperty -Name OperatingSystem -Value $computer.operatingsystem
#Set HasBitlockerRecoveryKey to true or false, based on matching against the computer-collection with BitLocker recovery information
if ($computer.name -match ('(' + [string]::Join(')|(', $bitlockerenabled) + ')'))
{
$computerobj | Add-Member -MemberType NoteProperty -Name HasBitlockerRecoveryKey -Value $true
}
else
{
$computerobj | Add-Member -MemberType NoteProperty -Name HasBitlockerRecoveryKey -Value $false
}
#Set HasTPM-OwnerInformation to true or false, based on the msTPM-OwnerInformation on the computer object
if ($computer."msTPM-OwnerInformation") {
$computerobj | Add-Member -MemberType NoteProperty -Name HasTPM-OwnerInformation -Value $true
}
else
{
$computerobj | Add-Member -MemberType NoteProperty -Name HasTPM-OwnerInformation -Value $false
}
#Add the computer object to the array with computer information
$export += $computerobj
}
#Export the array with computerinformation to the user-specified path
$export | Export-Csv -Path $CsvFilePath -NoTypeInformation
$error[0]|format-list -force
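An added example, not part of the original post or of Jan Egil Ring's script: `[string]::Join` throws when `$BitLockerEnabled` is `$null`, and the `-match` alternation is a substring match, so this sketch swaps in a null-tolerant exact lookup. The function name `Get-RecoveryKeyReport` and the sample computer names are constructed for illustration.

```powershell
# Added example (not from the original script). All names below are constructed.
function Get-RecoveryKeyReport {
    param(
        [object[]]$Computers,   # objects exposing a Name property
        [string[]]$KeyOwners    # names of computers owning msFVE-RecoveryInformation objects; may be $null
    )
    # Hashtable literals compare keys case-insensitively, like AD computer names.
    $lookup = @{}
    foreach ($owner in $KeyOwners) {
        if ($owner) { $lookup[$owner] = $true }   # skip $null or empty entries
    }
    foreach ($computer in $Computers) {
        if (-not $computer -or -not $computer.Name) { continue }
        New-Object psobject -Property @{
            Name                    = $computer.Name
            HasBitlockerRecoveryKey = $lookup.ContainsKey($computer.Name)
        }
    }
}

# Constructed sample input standing in for the Get-QADComputer / Get-QADObject results.
$sampleComputers = 'PC1', 'PC10', 'LAPTOP-7' | ForEach-Object {
    New-Object psobject -Property @{ Name = $_ }
}

# Only PC1 owns a recovery object. The original pattern '(PC1)' is also a
# substring of PC10; the exact lookup keeps the two machines apart.
Get-RecoveryKeyReport -Computers $sampleComputers -KeyOwners 'PC1' |
    Select-Object Name, HasBitlockerRecoveryKey

# No recovery objects returned at all (the case in which [string]::Join throws):
# the report is still produced instead of the script failing.
Get-RecoveryKeyReport -Computers $sampleComputers -KeyOwners $null |
    Select-Object Name, HasBitlockerRecoveryKey
```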
ASKER
Chris,
Thanks for the help but where are the results for the WIM script? I tried exporting but it is blank. Sorry, but new to powershell.
Thanks
Kry
ASKER
Chris thanks I had a small size limit for testing and all the initial computers were Servers and thus no info. Changed the number and all seems to be running smoothly. Will post back if I need more help, but again, thank you.
Ryan
No problem, I hope it's useful :)
Chris
The script above can be shortened a little bit to this:
To get a true picture you might use WMI instead. The trouble is, it'll be quite a bit slower (as it needs to talk to each PC directly). It's also dependent on the PC being available at the point in time you run the script.
Cheers, Chris
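One way to do the WMI check described above, as an added example that is not the code from the original answer: it reads `ProtectionStatus` from `Win32_EncryptableVolume` on each machine and records unreachable machines instead of silently dropping them. The function name `Get-BitLockerStatus` and the host name `PC-OFFLINE-EXAMPLE` are constructed; it assumes Windows PowerShell 2.0 or later (for `try`/`catch` and `Get-WmiObject`) and administrative rights on the targets.

```powershell
# Added example (not from the original thread).
function Get-BitLockerStatus {
    param([string[]]$ComputerName)

    # Documented ProtectionStatus values of Win32_EncryptableVolume.
    $statusText = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Unknown' }

    foreach ($name in $ComputerName) {
        try {
            $volumes = Get-WmiObject -ComputerName $name `
                -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                -Class Win32_EncryptableVolume -ErrorAction Stop

            foreach ($volume in $volumes) {
                if (-not $volume) { continue }
                New-Object psobject -Property @{
                    Name       = $name
                    Drive      = $volume.DriveLetter
                    Protection = $statusText[[int]$volume.ProtectionStatus]
                    Error      = $null
                }
            }
        }
        catch {
            # Offline, firewalled or access-denied machines stay in the report,
            # so "not queried" is never mistaken for "not encrypted".
            New-Object psobject -Property @{
                Name       = $name
                Drive      = $null
                Protection = 'NotQueried'
                Error      = $_.Exception.Message
            }
        }
    }
}

# Usage: the local machine plus a constructed, unreachable host name.
Get-BitLockerStatus -ComputerName $env:COMPUTERNAME, 'PC-OFFLINE-EXAMPLE' |
    Select-Object Name, Drive, Protection, Error
```

Pairing this with the Active Directory report separates machines that escrowed a recovery key from machines whose volumes are actually protected at the time of the query.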