This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- BitLocker counts
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2018 09:44 PM
Hi all,
I am relatively new to Lansweeper, so I am trying to fumble my way through setting up a query. I'm not sure how to post the code properly although I did look around a little bit in the forum. So if I am doing it wrong, please tell me.
Anyway, I am trying to get a consistent number on the machines having Microsoft's BitLocker (BL) installed on them. I found a BitLocker counter on this forum and tried it (thank you to whomever posted it!) and it gives me 160 as the number of Windows 10 machines with BL. Here is that code:
My boss runs a different but similar query and he gets either 159 or 160. So when we run a query asking for either encryption or BL, then we are very close on numbers.
Now, when we run a query for all of the Windows 10 machines from the Main Page - Software tab - "Windows OS/SP Overview" Win 10 hyperlink, which I think is a built in query for Lansweeper as I don't see how to edit it, we get 283 machines.
Now, according to the gentleman who installs the new machines, he claims he is putting BL on every one of them and has been for quite some time. My mission, should I accept it, is to figure out how to run a Lansweeper query that is going to tell me how many Windows 10 machines actually have BL on them. If the difference between the two reports is actually true, then I will have to figure out a query to run between the two other queries so I can get a report and start walking around to check them manually.
I hope this makes sense. Thank you for any assistance you can provide me!
I am relatively new to Lansweeper, so I am trying to fumble my way through setting up a query. I'm not sure how to post the code properly although I did look around a little bit in the forum. So if I am doing it wrong, please tell me.
Anyway, I am trying to get a consistent number on the machines having Microsoft's BitLocker (BL) installed on them. I found a BitLocker counter on this forum and tried it (thank you to whomever posted it!) and it gives me 160 as the number of Windows 10 machines with BL. Here is that code:
Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblEncryptableVolume.DriveLetter,
Case When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON' Else 'UNKNOWN'
End As ProtectionStatus,
tblEncryptableVolume.LastChanged,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Description,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssetCustom.Location,
tsysIPLocations.IPLocation,
tsysOS.OSname As OS,
tblAssets.SP As SP,
tblAssets.Firstseen,
tblAssets.Lastseen
From tblEncryptableVolume
Inner Join tblAssets On tblEncryptableVolume.AssetId = tblAssets.AssetID
Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
Where (tblEncryptableVolume.ProtectionStatus = 0) Or
(tblEncryptableVolume.ProtectionStatus = 1)
Order By tblEncryptableVolume.ProtectionStatus
My boss runs a different but similar query and he gets either 159 or 160. So when we run a query asking for either encryption or BL, then we are very close on numbers.
Now, when we run a query for all of the Windows 10 machines from the Main Page - Software tab - "Windows OS/SP Overview" Win 10 hyperlink, which I think is a built in query for Lansweeper as I don't see how to edit it, we get 283 machines.
Now, according to the gentleman who installs the new machines, he claims he is putting BL on every one of them and has been for quite some time. My mission, should I accept it, is to figure out how to run a Lansweeper query that is going to tell me how many Windows 10 machines actually have BL on them. If the difference between the two reports is actually true, then I will have to figure out a query to run between the two other queries so I can get a report and start walking around to check them manually.
I hope this makes sense. Thank you for any assistance you can provide me!
Labels:
- Labels:
-
General Discussion
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2018 09:40 AM
I generally use one of these commands as a test: https://blogs.technet.microsoft.com/heyscriptingguy/2015/05/26/powershell-and-bitlocker-part-2/
Simply because I'm not great at powershell and these query the WMI class directly which is important. All you really need to validate is
1. Is bitlocker installed and running.
2. Is this reflected in the WMI class.
3. Is this information also in Lansweeper.
Personally I have yet to see a case where Lansweeper does not have the same value as the WMI class. Usually it's WMI not having correct information in these cases.
Simply because I'm not great at powershell and these query the WMI class directly which is important. All you really need to validate is
1. Is bitlocker installed and running.
2. Is this reflected in the WMI class.
3. Is this information also in Lansweeper.
Personally I have yet to see a case where Lansweeper does not have the same value as the WMI class. Usually it's WMI not having correct information in these cases.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2018 08:10 PM
Thank you for the reply, Charles.X, as I do appreciate the advice.
Just to be clear, and possibly help anyone else who happens to be in my position have a well-rounded answer, are you in reference to this Powershell command?
That would work on a local machine. It appears I can use Powershell to check remote machines too using this command:
I have completed a little bit of testing using the Powershell as a validation tool against what BitLocker is showing me. Once I showed this to my boss, he agreed with the findings. Now I need to create another BitLocker report, this time showing both the machines with BitLocker and those without it, all in the same report. I will see if I can figure this out, then open a new post if I run into issues. Thank you again for your assistance.
Just to be clear, and possibly help anyone else who happens to be in my position have a well-rounded answer, are you in reference to this Powershell command?
manage-bde -status c:
That would work on a local machine. It appears I can use Powershell to check remote machines too using this command:
manage-bde -status -computername "computername"
I have completed a little bit of testing using the Powershell as a validation tool against what BitLocker is showing me. Once I showed this to my boss, he agreed with the findings. Now I need to create another BitLocker report, this time showing both the machines with BitLocker and those without it, all in the same report. I will see if I can figure this out, then open a new post if I run into issues. Thank you again for your assistance.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2018 01:02 PM
The query does look correct. The thing to keep in mind with your use case is where Lansweeper retrieves the information from.
If you go into the database documentation you can find that this information is taken from the win32-encryptablevolume WMI class.
If there is no information in the WMI class, Lansweeper won't have it either. So if you've been told specific machines have BL, but they don't appear to in Lansweeper, you can run a quick powershell command on one of the machines to check if WMI has the correct information.
If you go into the database documentation you can find that this information is taken from the win32-encryptablevolume WMI class.
If there is no information in the WMI class, Lansweeper won't have it either. So if you've been told specific machines have BL, but they don't appear to in Lansweeper, you can run a quick powershell command on one of the machines to check if WMI has the correct information.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- asset count by asset type in Reports & Analytics
- Inside Lansweeper: Weekly Recap in General Discussions
- duplicate registry values report - shows multiple dupes for the same asset in General Discussions
- Count dashboard in General Discussions
- ❗Last call: Vote for your favourite Lansweeper Integration! in General Discussions
