Tuesday, January 22, 2013 5:54 PM
We're deploying Bitlocker on a large number of 2008 R2 Std servers for a large customer.
Due to the scope and sensitivity of this project, we're looking for some kind of verification the Bitlocker volumes are encrypted and secure as expected. Ideally we want something that can be delivered to the customer and retained as a CYA measure.
Is there any official means of doing this, other than saving output of
Tuesday, January 22, 2013 6:51 PM
That would be the easiest. You can add on to that to clean up the output such as:
Manage-bde status | find /I "Conversion Status"
Be kind and Mark as Answer if I helped.
Tuesday, January 22, 2013 7:41 PM
Thanks. That's what I had in mind and I think we can use that if necessary.
Is anyone aware of a more definitive way to validate? The concern is that the above basically confirms that the software says the software is working.
These are RAID volumes so unfortunately I can't just attach to some other controller and see what happens when I try to mount them. I can disable TPM and reboot, but all this really verifies to me is that Windows is prompting for a key as expected.
Thanks, as always.
Tuesday, January 22, 2013 8:10 PM
Will this method work?
GetProtectionStatus method of the Win32_EncryptableVolume class
Get Bitlocker Protection Status of Drive
Dave Guenthner [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. http://blogs.technet.com/b/davguents_blog
Tuesday, January 22, 2013 10:28 PM
Dave, I believe that will work as well.
Thanks for your input, gentlemen.