→ 🚀What's New? Explore Lansweeper's Fall 2024 Updates! Fall Launch Blog !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
B_B_
Engaged Sweeper II
Hi all,

I am relatively new to Lansweeper, so I am trying to fumble my way through setting up a query. I'm not sure how to post the code properly although I did look around a little bit in the forum. So if I am doing it wrong, please tell me.

Anyway, I am trying to get a consistent number on the machines having Microsoft's BitLocker (BL) installed on them. I found a BitLocker counter on this forum and tried it (thank you to whomever posted it!) and it gives me 160 as the number of Windows 10 machines with BL. Here is that code:

Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblEncryptableVolume.DriveLetter,
Case When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON' Else 'UNKNOWN'
End As ProtectionStatus,
tblEncryptableVolume.LastChanged,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Description,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssetCustom.Location,
tsysIPLocations.IPLocation,
tsysOS.OSname As OS,
tblAssets.SP As SP,
tblAssets.Firstseen,
tblAssets.Lastseen
From tblEncryptableVolume
Inner Join tblAssets On tblEncryptableVolume.AssetId = tblAssets.AssetID
Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
Where (tblEncryptableVolume.ProtectionStatus = 0) Or
(tblEncryptableVolume.ProtectionStatus = 1)
Order By tblEncryptableVolume.ProtectionStatus


My boss runs a different but similar query and he gets either 159 or 160. So when we run a query asking for either encryption or BL, then we are very close on numbers.

Now, when we run a query for all of the Windows 10 machines from the Main Page - Software tab - "Windows OS/SP Overview" Win 10 hyperlink, which I think is a built in query for Lansweeper as I don't see how to edit it, we get 283 machines.

Now, according to the gentleman who installs the new machines, he claims he is putting BL on every one of them and has been for quite some time. My mission, should I accept it, is to figure out how to run a Lansweeper query that is going to tell me how many Windows 10 machines actually have BL on them. If the difference between the two reports is actually true, then I will have to figure out a query to run between the two other queries so I can get a report and start walking around to check them manually.

I hope this makes sense. Thank you for any assistance you can provide me!
3 REPLIES 3
Esben_D
Lansweeper Employee
Lansweeper Employee
I generally use one of these commands as a test: https://blogs.technet.microsoft.com/heyscriptingguy/2015/05/26/powershell-and-bitlocker-part-2/

Simply because I'm not great at powershell and these query the WMI class directly which is important. All you really need to validate is
1. Is bitlocker installed and running.
2. Is this reflected in the WMI class.
3. Is this information also in Lansweeper.

Personally I have yet to see a case where Lansweeper does not have the same value as the WMI class. Usually it's WMI not having correct information in these cases.
B_B_
Engaged Sweeper II
Thank you for the reply, Charles.X, as I do appreciate the advice.

Just to be clear, and possibly help anyone else who happens to be in my position have a well-rounded answer, are you in reference to this Powershell command?

manage-bde -status c:


That would work on a local machine. It appears I can use Powershell to check remote machines too using this command:

manage-bde -status -computername "computername"


I have completed a little bit of testing using the Powershell as a validation tool against what BitLocker is showing me. Once I showed this to my boss, he agreed with the findings. Now I need to create another BitLocker report, this time showing both the machines with BitLocker and those without it, all in the same report. I will see if I can figure this out, then open a new post if I run into issues. Thank you again for your assistance.
Esben_D
Lansweeper Employee
Lansweeper Employee
The query does look correct. The thing to keep in mind with your use case is where Lansweeper retrieves the information from.

If you go into the database documentation you can find that this information is taken from the win32-encryptablevolume WMI class.

If there is no information in the WMI class, Lansweeper won't have it either. So if you've been told specific machines have BL, but they don't appear to in Lansweeper, you can run a quick powershell command on one of the machines to check if WMI has the correct information.