This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Community FAQ
Register | Log In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Custom Report - Exclude certain asset groups
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2024 04:49 PM
Hello,
I have a report that shows pcs that are not encrypted via bitlocker. I have some PCs in this report that cannot be encrypted and I want to exclude them. I could exclude one by one using Where tblAssets.AssetName Not Like 'XXX' but the report would get a bit messy.
I have attempted to drop them in an asset group and exclude that particular asset group, but they still belong to the "default group" which you cannot remove PCs from, so they still show up on the report. I have also tried the custom fields, comments, and Descriptions of the PCs, but when I include the "not Like" XXX nothing returns because I dont have anything in these feilds normally.
Any advice on what to try next is welcome!
Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssetCustom.Serialnumber,
tblEncryptableVolume.DriveLetter,
Case
When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
Else 'UNKNOWN'
End As ProtectionStatus,
tblEncryptableVolume.LastChanged,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
Case
When tblPortableBattery.AssetID Is Null Then 'Desktop'
Else 'Laptop'
End As [Desktop/Laptop],
tsysIPLocations.IPLocation,
tblOperatingsystem.Caption As OS,
tblAssets.Version,
tblAssets.Firstseen,
tblAssets.Lastseen
From tblEncryptableVolume
Inner Join tblAssets On tblEncryptableVolume.AssetId = tblAssets.AssetID
Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
Left Join tblPortableBattery On tblAssets.AssetID = tblPortableBattery.AssetID
Inner Join tblOperatingsystem On
tblAssets.AssetID = tblOperatingsystem.AssetID
Where tblEncryptableVolume.DriveLetter = 'C:' And Case
When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
Else 'UNKNOWN'
End = 'OFF' And tblAssetCustom.Manufacturer Not Like 'Apple Inc.' And
tblAssetCustom.Manufacturer Not Like 'VMware, Inc.' And
tblAssetCustom.Manufacturer Not Like 'Virtual Machine'
Order By tblAssets.AssetName
Labels:
- Labels:
-
Built-In Reports
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2024 07:09 PM
If you mean that they actually cannot be encrypted by bitlocker, then I would report on the TPM Module version of the computers, as that is usually the determining factor for what can be encrypted or not. Generally TPM has to be 1.2 or higher for bitlocker to work. You could do a group policy (I think, its been quite a while) to "allow bitlocker without a compatible TPM" - Make sure though, to make a report that shows everything so that 1) you dont' forget they are there and 2) for compliance and security reasons.
Here's a report you can mess around with:
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblTPM.SpecVersion,
Case
When tblTPM.IsActivated_InitialValue = 1 Then 'Yes'
When tblTPM.IsActivated_InitialValue Is Null Then Null
Else 'No'
End As Activated,
Case
When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes'
When tblTPM.IsEnabled_InitialValue Is Null Then Null
Else 'No'
End As Enabled,
Case
When tblTPM.IsOwned_InitialValue = 1 Then 'Yes'
When tblTPM.IsOwned_InitialValue Is Null Then Null
Else 'No'
End As Owned,
tblOperatingsystem.Caption As OS,
tblAssets.SP,
tblEncryptableVolume.DriveLetter,
Case
When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
Else 'UNKNOWN'
End As ProtectionStatus,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When tblPortableBattery.AssetID Is Null Then 'Desktop'
Else 'Laptop'
End As [Desktop/Laptop],
Case
When tblTPM.AssetId Is Null Then 'noTPM'
Else 'HasTPM'
End As HasTPMorNot,
tblTPM.IsEnabled_InitialValue,
tblTPM.IsOwned_InitialValue,
tblTPM.ManufacturerVersionInfo,
tblTPM.ManufacturerVersion,
tblTPM.ManufacturerId,
tblTPM.PhysicalPresenceVersionInfo
From tblAssets
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblOperatingsystem On
tblAssets.AssetID = tblOperatingsystem.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tblPortableBattery On tblAssets.AssetID = tblPortableBattery.AssetID
Inner Join tblTPM On tblAssets.AssetID = tblTPM.AssetId
Left Join tblEncryptableVolume On
tblAssets.AssetID = tblEncryptableVolume.AssetId
Where (tblAssetCustom.Model Is Null Or tblAssetCustom.Model = '' Or
tblAssetCustom.Model Not Like '%Virtual%') And
tblOperatingsystem.Caption Not Like '%professional%' And
tblEncryptableVolume.DriveLetter Like '%C%' And tblAssets.Lastseen Is Not Null
And tblAssets.Lastseen <> '' And tblState.Statename = 'Active' And
tsysAssetTypes.AssetTypename In ('Windows')
Order By tblAssets.Domain,
tblAssets.AssetName
Reports & Analytics
Ask about reports you're interested in and share reports you've created. Subscribe to receive daily updates of reports shared in the Community.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Lansweeper Cloud Intune Discovery Actions Filter to scan no windows clients in Product Discussions
- How to group assets in Lansweeper? in Open Office Hours Q&A
- Is it possible to exclude SSH scanning when setting up a scanning target by asset type? in Open Office Hours Q&A
- Excluding GCP "default projects" Created by Google AppScript from Discovery Scans in General Discussions
- How can we ensure that all of our Windows workstations are excluded from agentless scanning? in Open Office Hours Q&A
