This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Community FAQ
Register | Log In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Re: Drive Encryption statuses
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-18-2019 05:42 PM
Hey,
We utilize bitlocker in the studio and so this report is handy.
However, many workstations are coming up as "Unknown". I am assuming this is that the drive is currently encrypted by bitlocker and not been unlocked.
"no" - The drive has no bitlocker encryption
"yes" - The drive has bitlocker encryption but currently unlocked
Are these correct?
Thanks
Fox
We utilize bitlocker in the studio and so this report is handy.
However, many workstations are coming up as "Unknown". I am assuming this is that the drive is currently encrypted by bitlocker and not been unlocked.
"no" - The drive has no bitlocker encryption
"yes" - The drive has bitlocker encryption but currently unlocked
Are these correct?
Thanks
Fox
Labels:
- Labels:
-
Report Center
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-19-2019 01:54 PM
Thanks for the reply JacobH, I'll give your report a run and see what results I get.
I am using the latest version with workstations without the TPM.
Confirming bitlocker for the workstations, after investigating:
OFF = For workstations that has no bitlocker setup
ON = For workstation that has bitlocker but are currently unlocked
UNKNOWN = For workstations have bitlocker and are currently locked
I am using the latest version with workstations without the TPM.
Confirming bitlocker for the workstations, after investigating:
OFF = For workstations that has no bitlocker setup
ON = For workstation that has bitlocker but are currently unlocked
UNKNOWN = For workstations have bitlocker and are currently locked
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-18-2019 06:41 PM
Hey DFox -
I'm not sure what report you are referencing (It might be a new report as I'm not on newest version of LS) - but for Bitlocker, things are a tad complicated.
I think you're referring to
so if it's unknown, that means it doesn't have a record for the volume - i.e. it can't scan that information via WMI so it might not be a compatible OS, etc. (Not 100 percent sure what all the scenarios for why it has no record are)
Here's a report I use for Bitlocker status. Things to note are specifically the TPM versions (as you know it has to have a TPM chip to be bitlocker compatible - and the correct versions), plus if the TPM is Activated, Enabled, and Owned - if those three aren't YES, then it won't encrypt, and protectionstatus would be OFF.
I added the comments field because I sometimes type comments for the asset like 'TPM wrong Version' or 'Need to enable TPM' for assets so we can keep track of our progress.
I'm not sure what report you are referencing (It might be a new report as I'm not on newest version of LS) - but for Bitlocker, things are a tad complicated.
I think you're referring to
Case
When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
Else 'UNKNOWN'
so if it's unknown, that means it doesn't have a record for the volume - i.e. it can't scan that information via WMI so it might not be a compatible OS, etc. (Not 100 percent sure what all the scenarios for why it has no record are)
Here's a report I use for Bitlocker status. Things to note are specifically the TPM versions (as you know it has to have a TPM chip to be bitlocker compatible - and the correct versions), plus if the TPM is Activated, Enabled, and Owned - if those three aren't YES, then it won't encrypt, and protectionstatus would be OFF.
I added the comments field because I sometimes type comments for the asset like 'TPM wrong Version' or 'Need to enable TPM' for assets so we can keep track of our progress.
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssetCustom.Comments,
tblAssets.Domain,
tblAssets.Username,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblTPM.SpecVersion,
Case
When tblTPM.IsActivated_InitialValue = 1 Then 'Yes'
When tblTPM.IsActivated_InitialValue Is Null Then Null
Else 'No'
End As Activated,
Case
When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes'
When tblTPM.IsEnabled_InitialValue Is Null Then Null
Else 'No'
End As Enabled,
Case
When tblTPM.IsOwned_InitialValue = 1 Then 'Yes'
When tblTPM.IsOwned_InitialValue Is Null Then Null
Else 'No'
End As Owned,
tblOperatingsystem.Caption As OS,
tblAssets.SP,
tblEncryptableVolume.DriveLetter,
Case
When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
Else 'UNKNOWN'
End As ProtectionStatus,
tblAssets.Lastseen,
Case
When tblPortableBattery.AssetID Is Null Then 'Desktop'
Else 'Laptop'
End As [Desktop/Laptop],
Case
When tblTPM.AssetId Is Null Then 'noTPM'
Else 'HasTPM'
End As HasTPMorNot,
tblTPM.IsEnabled_InitialValue,
tblTPM.IsOwned_InitialValue,
tblTPM.ManufacturerVersionInfo,
tblTPM.ManufacturerVersion,
tblTPM.ManufacturerId,
tblTPM.PhysicalPresenceVersionInfo,
tblEncryptableVolume.LastChanged,
tblBIOS.Caption,
tblBIOS.Manufacturer As Manufacturer1,
tblBIOS.SerialNumber,
tblBIOS.SMBIOSMajorVersion,
tblBIOS.SMBIOSBIOSVersion,
tblBIOS.SMBIOSMinorVersion,
tblBIOS.Version,
tblTPM.LastChanged As TPMTableLastChanged
From tblAssets
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblOperatingsystem On
tblAssets.AssetID = tblOperatingsystem.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Left Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblBIOS On tblAssets.AssetID = tblBIOS.AssetID
Left Join tblPortableBattery On tblAssets.AssetID = tblPortableBattery.AssetID
Inner Join tblTPM On tblAssets.AssetID = tblTPM.AssetId
Left Join tblEncryptableVolume On
tblAssets.AssetID = tblEncryptableVolume.AssetId
Where (tblAssetCustom.Model Is Null Or
tblAssetCustom.Model = '' Or tblAssetCustom.Model Not Like '%Virtual%') And
tblOperatingsystem.Caption Not Like '%professional%' And
tblEncryptableVolume.DriveLetter Like '%C%' And tblAssets.Lastseen Is Not Null
And tblAssets.Lastseen <> '' And tblAssets.Lastseen > GetDate() - 3 And
tblState.Statename = 'Active' And tsysAssetTypes.AssetTypename In ('Windows')
Order By tblAssets.Domain,
tblAssets.AssetName
Reports & Analytics
Ask about reports you're interested in and share reports you've created. Subscribe to receive daily updates of reports shared in the Community.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Built-in Bitlocker Report Accuracy in Reports & Analytics
- Bitlocker and McAfee Encryption report in Reports & Analytics
- how to include Encryption Method in "Find BitLocker Drive Encrypted Volumes in Your Network" report in Reports & Analytics
- Drive Encryption statuses in Reports & Analytics
- Computers: Encryptable Volumes help in General Discussions
