MrFox
Engaged Sweeper
Hey,
We utilize BitLocker in the studio and so this report is handy.

However, many workstations are coming up as "Unknown". I am assuming this means that the drive is currently encrypted by BitLocker and has not been unlocked.

"no" - The drive has no BitLocker encryption
"yes" - The drive has BitLocker encryption but is currently unlocked

Are these correct?

Thanks
Fox
2 REPLIES
MrFox
Engaged Sweeper
Thanks for the reply JacobH, I'll give your report a run and see what results I get.

I am using the latest version with workstations without the TPM.
Confirming BitLocker for the workstations, after investigating:

OFF = For workstations that have no BitLocker set up
ON = For workstations that have BitLocker but are currently unlocked
UNKNOWN = For workstations that have BitLocker and are currently locked

JacobH
Champion Sweeper III
Hey DFox -

I'm not sure what report you are referencing (it might be a new report, as I'm not on the newest version of LS) - but for BitLocker, things are a tad complicated.

I think you're referring to

  Case
    When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
    Else 'UNKNOWN'
  End As ProtectionStatus


So if it's unknown, that means it doesn't have a record for the volume - i.e. it can't scan that information via WMI, so it might not be a compatible OS, etc. (Not 100 percent sure what all the scenarios for why it has no record are.)



Here's a report I use for BitLocker status. Things to note are specifically the TPM versions (as you know, it has to have a TPM chip to be BitLocker compatible - and the correct versions), plus whether the TPM is Activated, Enabled, and Owned - if those three aren't YES, then it won't encrypt, and ProtectionStatus would be OFF.

I added the comments field because I sometimes type comments for the asset like 'TPM wrong Version' or 'Need to enable TPM' for assets so we can keep track of our progress.



Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssetCustom.Comments,
  tblAssets.Domain,
  tblAssets.Username,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblTPM.SpecVersion,
  Case
    When tblTPM.IsActivated_InitialValue = 1 Then 'Yes'
    When tblTPM.IsActivated_InitialValue Is Null Then Null
    Else 'No'
  End As Activated,
  Case
    When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes'
    When tblTPM.IsEnabled_InitialValue Is Null Then Null
    Else 'No'
  End As Enabled,
  Case
    When tblTPM.IsOwned_InitialValue = 1 Then 'Yes'
    When tblTPM.IsOwned_InitialValue Is Null Then Null
    Else 'No'
  End As Owned,
  tblOperatingsystem.Caption As OS,
  tblAssets.SP,
  tblEncryptableVolume.DriveLetter,
  Case
    When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
    Else 'UNKNOWN'
  End As ProtectionStatus,
  tblAssets.Lastseen,
  Case
    When tblPortableBattery.AssetID Is Null Then 'Desktop'
    Else 'Laptop'
  End As [Desktop/Laptop],
  Case
    When tblTPM.AssetId Is Null Then 'noTPM'
    Else 'HasTPM'
  End As HasTPMorNot,
  tblTPM.IsEnabled_InitialValue,
  tblTPM.IsOwned_InitialValue,
  tblTPM.ManufacturerVersionInfo,
  tblTPM.ManufacturerVersion,
  tblTPM.ManufacturerId,
  tblTPM.PhysicalPresenceVersionInfo,
  tblEncryptableVolume.LastChanged,
  tblBIOS.Caption,
  tblBIOS.Manufacturer As Manufacturer1,
  tblBIOS.SerialNumber,
  tblBIOS.SMBIOSMajorVersion,
  tblBIOS.SMBIOSBIOSVersion,
  tblBIOS.SMBIOSMinorVersion,
  tblBIOS.Version,
  tblTPM.LastChanged As TPMTableLastChanged
From tblAssets
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Inner Join tblOperatingsystem On
    tblAssets.AssetID = tblOperatingsystem.AssetID
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Left Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblBIOS On tblAssets.AssetID = tblBIOS.AssetID
  Left Join tblPortableBattery On tblAssets.AssetID = tblPortableBattery.AssetID
  Inner Join tblTPM On tblAssets.AssetID = tblTPM.AssetId
  Left Join tblEncryptableVolume On
    tblAssets.AssetID = tblEncryptableVolume.AssetId
Where (tblAssetCustom.Model Is Null Or
    tblAssetCustom.Model = '' Or tblAssetCustom.Model Not Like '%Virtual%') And
  tblOperatingsystem.Caption Not Like '%professional%' And
  tblEncryptableVolume.DriveLetter Like '%C%' And tblAssets.Lastseen Is Not Null
  And tblAssets.Lastseen <> '' And tblAssets.Lastseen > GetDate() - 3 And
  tblState.Statename = 'Active' And tsysAssetTypes.AssetTypename In ('Windows')
Order By tblAssets.Domain,
  tblAssets.AssetName
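
Added example (not part of either poster's report): a variant that separates the two explanations of "UNKNOWN" raised in this thread, a missing volume record versus a stored status other than 0 or 1. It uses only tables and columns that appear in the report above; that Lansweeper stores the WMI Win32_EncryptableVolume value 2 ("protection unknown", which Windows returns for a locked volume, among other cases) in ProtectionStatus is an assumption.

```sql
-- Added example. Assumes tblEncryptableVolume.ProtectionStatus holds the raw
-- WMI value (0 = off, 1 = on, 2 = unknown); verify against your own data.
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblEncryptableVolume.DriveLetter,
  -- Raw value, so anything other than 0/1 is visible rather than folded into 'UNKNOWN'
  tblEncryptableVolume.ProtectionStatus As RawProtectionStatus,
  Case
    When tblEncryptableVolume.AssetId Is Null Then 'NO VOLUME RECORD'
    When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
    When tblEncryptableVolume.ProtectionStatus = 2 Then 'UNKNOWN (status 2)'
    When tblEncryptableVolume.ProtectionStatus Is Null Then 'RECORD WITHOUT STATUS'
    Else 'UNEXPECTED VALUE'
  End As ProtectionStatus,
  Case
    When tblTPM.AssetId Is Null Then 'noTPM'
    Else 'HasTPM'
  End As HasTPMorNot,
  tblEncryptableVolume.LastChanged,
  tblAssets.Lastseen
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tblState On tblState.State = tblAssetCustom.State
  -- Left Join keeps assets that have no TPM row
  Left Join tblTPM On tblAssets.AssetID = tblTPM.AssetId
  -- Drive filter sits in the join condition: placed in the Where clause it
  -- would drop every asset that has no volume record at all
  Left Join tblEncryptableVolume On
    tblAssets.AssetID = tblEncryptableVolume.AssetId And
    tblEncryptableVolume.DriveLetter Like '%C%'
Where tblState.Statename = 'Active' And
  tsysAssetTypes.AssetTypename In ('Windows') And
  tblAssets.Lastseen > GetDate() - 3
Order By ProtectionStatus,
  tblAssets.Domain,
  tblAssets.AssetName
```

Rows labelled 'NO VOLUME RECORD' point at a scanning gap, while rows with a raw status of 2 are machines where the scan reached the volume but Windows could not report its protection state.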