asked on

PowerShell Code Needs Modifications

Hello,
I need the following code below to perform the following:
1. to append the FQDN to the $computerName variable.
2. The following data needs to be populated

__GENUS : 2
__CLASS : Win32_EncryptableVolume
__SUPERCLASS :
__DYNASTY : Win32_EncryptableVolume
__RELPATH : Win32_EncryptableVolume.DeviceID="\\\\?\\Volume{Commented OUT}\\"
__PROPERTY_COUNT : 8
__DERIVATION : {}
__SERVER : TestSystem
__NAMESPACE : root\CIMV2\Security\MicrosoftVolumeEncryption
__PATH : \\TestSystem\root\CIMV2\Security\MicrosoftVolumeEncryption:Win32_EncryptableVolume.DeviceID=
"\\\\?\\Volume{Commented OUT}\\"
ConversionStatus : 1
DeviceID : \\?\Volume{Commented OUT}\
DriveLetter : C:
EncryptionMethod : 6
IsVolumeInitializedForProtection : True
PersistentVolumeID : {Commented OUT}
ProtectionStatus : 1
VolumeType : 0
PSComputerName : TestSystem

Import-Module -Name ActiveDirectory
$resultFile = 'C:\Temp\ProtectionStatus.csv'
$computerList = Get-ADComputer -filter * -SearchBase "OU=Center Manager,OU=Clinical Desktops,OU=Computer Accounts,DC=ppct,DC=world" |
	Select-Object -ExpandProperty DNSHostName

$computerList | Foreach-Object {
	$computerName = $_
	"Processing $($computerName) ..." | Write-Host -ForegroundColor White -NoNewline
	Try {
		Get-WmiObject -ComputerName $computerName -Namespace "root\CIMV2\Security\MicrosoftVolumeEncryption" -Query "SELECT DriveLetter, ProtectionStatus FROM Win32_EncryptableVolume" -ErrorAction Stop |
			Select-Object -Property @{n='ComputerName'; e={$computerName}}, DriveLetter, ProtectionStatus, Error
		" OK" | Write-Host -ForegroundColor Green
	} Catch {
		$_ | Select-Object -Property @{n='ComputerName'; e={$computerName}}, DriveLetter, ProtectionStatus, @{n='Error'; e={$_.Exception.Message}}
		" ERROR" | Write-Host -ForegroundColor Red
	}
} | Export-Csv -NoTypeInformation -Path $resultFile
"Results written to '$($resultFile)'" | Write-Host -ForegroundColor White
Import-Csv -Path $resultFile | Out-GridView

Open in new window

footech

The "ComputerName" property should already have the FQDN. It is retrieved via the Get-ADComputer command where the DNSHostName attribute is specified (if some other attribute was specified, like "name", then this wouldn't be the case).

If you need to change which properties are included in your results, just specify them with the Select-Object commands (on lines 11 and 14).

ASKER CERTIFIED SOLUTION

oBdA

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

stressedout2004

ASKER

I need to pull information to prove a laptop is encrypted. Does that help :)

Also I receive the RPC Error. Can we append the DNS namespace ppct.world to the computer name? I have verified that WMI, DCOM and permissions are not the problem. Further, the firewall is turned off and the account running the script is a Domain Admin Account.
Untitled.jpg

oBdA

You're using an old version of the script (or you copied/replaced line 3 without the pipe at the end). Check the ComputerName column - that's the machine's Distinguished Name, not the FQDN, which does no good for remote queries.
The current script extracts the machine's FQDN from AD (lines 3 and 4 above).
And the WMI specific properties ("__...") are pretty irrelevant when it comes to show that a drive is encrypted. The normal properties will do just nicely.

stressedout2004

ASKER

Got it thanks. One final question. What syntax would I enter to search all computer objects in AD?

oBdA

Just don't limit the search by removing the -SearchBase "OU=Center Manager,OU=Clinical Desktops,OU=Computer Accounts,DC=ppct,DC=world" in line 3 (but make sure to keep the pipe | at the end!)

stressedout2004

ASKER

To confirm
$computerList = Get-ADComputer -filter * -SearchBase "OU=Center Manager,OU=Clinical Desktops,OU=Computer Accounts,DC=ppct,DC=world" |

Becomes this
$computerList = Get-ADComputer -filter * |

oBdA

Like that, yes.

stressedout2004

ASKER

works perfect