Run report to list which Win 10 AD joined computers are encrypted with BitLocker

Is there any way of running a report within a Server 2016 AD domain to list which Windows 10 computers are encrypted with BitLocker?

If so, how can this be done?
Asked by: IT Guy (Network Engineer)

Sam Simon Nasser (IT Support Professional) commented:
You can do it via PowerShell: https://gallery.technet.microsoft.com/scriptcenter/How-to-get-BitLocker-193ef058
Function GetStatus($ComputerName) 
{ 
    #Script block 
    $Scope = { manage-bde -cn $Env:COMPUTERNAME -status } 
    Try 
    { 
        #Invoke command on the remote computer 
        $Obj = Invoke-Command -ComputerName $ComputerName -Credential $Credential  -ScriptBlock $Scope 
        $Obj | select -First ($Obj.length-1) | select -Skip 3 
    } 
    Catch  
    { 
     Write-Error $_  
    } 
    Write-Host  
}


For multiple computers:
Get-OSCBitlockerStatus -FilePath "C:\script\computers.txt" -Credential $cre

 
Brian McDonald (IT Manager) commented:
If the machines are set up to add the BitLocker information (recovery, etc.) to AD, then you can run a PowerShell script to find those attributes and then list all the machines where those attributes are filled. I am not sure if this can be done if the machines were encrypted without storing the info in AD.
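
As an added example (not part of this comment or of any script posted in the thread), the AD-based approach described above could look like the following. It assumes the RSAT ActiveDirectory module, an account allowed to see the recovery objects, and that clients back up BitLocker recovery information to AD; `$ReportPath` is a hypothetical name. A stored recovery object shows that a key was escrowed, not that the volume is fully encrypted right now.

```powershell
#Requires -Modules ActiveDirectory
# Added example: list Windows 10 computer objects and whether BitLocker
# recovery information (objectClass msFVE-RecoveryInformation) exists beneath
# each of them in AD. Assumption: recovery info is escrowed to AD DS by policy.
param(
    # Hypothetical output path; adjust to your environment.
    [string]$ReportPath = '.\BitLockerAdReport.csv'
)

Import-Module ActiveDirectory

# Enabled Windows 10 computer accounts only.
$computers = Get-ADComputer `
    -Filter 'OperatingSystem -like "Windows 10*" -and Enabled -eq $true' `
    -Properties OperatingSystem, LastLogonDate

$report = foreach ($computer in $computers) {
    # Recovery entries are direct child objects of the computer object.
    # The recovery password attribute is deliberately not requested:
    # the report only needs to know that an entry exists.
    $keys = @(Get-ADObject -SearchBase $computer.DistinguishedName `
        -SearchScope OneLevel `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
        -Properties whenCreated)

    $newest = $keys | Sort-Object whenCreated -Descending | Select-Object -First 1

    [pscustomobject]@{
        ComputerName     = $computer.Name
        OperatingSystem  = $computer.OperatingSystem
        RecoveryKeysInAD = $keys.Count
        NewestKeyCreated = if ($newest) { $newest.whenCreated } else { $null }
        LastLogonDate    = $computer.LastLogonDate
    }
}

# Full report to CSV; machines without any escrowed key to the console.
$report | Sort-Object RecoveryKeysInAD, ComputerName |
    Export-Csv -Path $ReportPath -NoTypeInformation

$report | Where-Object RecoveryKeysInAD -eq 0 |
    Format-Table ComputerName, OperatingSystem, LastLogonDate -AutoSize
```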
 
IT Guy (Network Engineer, author) commented:
What is the script or the process that I can run on the domain controller to determine which Windows 10 client computers are using BitLocker encryption?
 
McKnife commented:
I would never advise running commands remotely, for two reasons:
1. Not all machines are in the office at all times, nor are all turned on at the same time.
2. This has security implications: we are using a highly privileged account and need open ports.

Instead, simply use a domain startup script, a batch one-liner:
manage-bde -status c: | findstr /c:"100,0%%" || md \\server\share\%computername%

When executed on a machine where c: is not fully encrypted, the script creates a folder on a share named as the offending computer.
Question has a verified solution.