Get Drive Encryption status using WMI

  • Question

  • Hello Guys,

    I have written a VB script to check whether drives are encrypted with BitLocker or not. It gives me an "Access Denied" error. I do have the required access. The script runs successfully only if it is executed with the "Run As Administrator" option. This is making it difficult to pull the status of remote systems. Kindly help.

    ---------------------------------------------------------------------------------------------------------------

    strComputer = "10.48.7.150"
    SET objWMIService = GetObject("winmgmts:\\" & strComputer & "\Root\CIMV2\Security\MicrosoftVolumeEncryption")
    SET objWMIObject = objWMIService.ExecQuery("select * from win32_EncryptableVolume")
    For Each drive in objWMIObject
    Wscript.Echo "Drive Letter: "& drive.DriveLetter
    Wscript.Echo "Protection Status: "& drive.ProtectionStatus
    Next

    ---------------------------------------------------------------------------------------------------------------


    Regards, Darshan G. Parab

    Friday, August 21, 2015 8:35 AM

Answers

  • Hi JVR,

    Thanks for the reply. I got it working. Find below the working script.

    strComputer = "10.48.7.150"
    SET objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!\\" & strComputer & "\Root\CIMV2\Security\MicrosoftVolumeEncryption")
    SET objWMIObject = objWMIService.ExecQuery("select * from win32_EncryptableVolume")
    For Each drive in objWMIObject
    	result = "Drive Letter: " & drive.DriveLetter & " Protection Status: " & drive.ProtectionStatus
    	Wscript.Echo result
    Next
    


    Regards, Darshan G. Parab

    Wednesday, August 26, 2015 11:10 AM
  • This one is using PowerShell. "Systems.csv" stores the list of hostnames in the column "Hostname".
    $final = @()
    
    function getencstatus
    {
    	param([int]$encstatus)
    	$status = switch ($encstatus) {
    	0 {"Not Encrypted"; break}
    	1 {"Encrypted"; break}
    	2 {"Status unknown. Drive may be locked."; break}
    	default {"Unknown error occurred."; break}
    	}
    	return $status
    }
    $systems = Import-CSV .\Systems.csv
    $count = $systems.count
    $now = 1
    foreach($system in $systems)
    {
    	Write-Host "Processing " $now " of " $count
    	if($(get-wmiobject -query "select statuscode from win32_pingstatus where address='$($system.hostname)'").statuscode -eq 0)
    	{
    		$drives = $(Get-WmiObject -Impersonation Impersonate -Authentication PacketPrivacy -Namespace "Root\CIMV2\Security\MicrosoftVolumeEncryption" -ComputerName $system.hostname -Query "select * from win32_Encryptablevolume")
    		foreach ($drive in $drives)
    		{
    			$temp = New-Object PSObject
    			$temp | Add-Member -Type NoteProperty -Name Hostname -Value $system.hostname
    			$temp | Add-Member -Type NoteProperty -Name "Drive Letter" -Value $drive.DriveLetter
    			$temp | Add-Member -Type NoteProperty -Name Status -Value $(getencstatus($drive.ProtectionStatus))
    			$final += $temp
    			$temp = $null
    		}
    	}
    	Else
    	{
    		$temp = New-Object PSObject
    		$temp | Add-Member -Type NoteProperty -Name Hostname -Value $system.hostname
    		$temp | Add-Member -Type NoteProperty -Name "Drive Letter" -Value "System offline. data cannot be fetched."
    		$temp | Add-Member -Type NoteProperty -Name Status -Value "System offline. data cannot be fetched."
    		$final += $temp
    		$temp = $null
    	}
    	$now++
    }
    $final | Export-CSV .\Result.csv -NoTypeInformation


    Regards, Darshan G. Parab


    Wednesday, August 26, 2015 11:13 AM
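
An added example, not part of the original thread: it extends the PowerShell answer above by keeping the actual error text per host (so an "Access Denied" is not reported as an offline system) and by reporting the conversion state next to `ProtectionStatus`. The function name `Get-VolumeEncryptionReport` and the output column names are hypothetical; PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0+.
# Get-VolumeEncryptionReport is a hypothetical helper name.
function Get-VolumeEncryptionReport {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    # Value meanings documented for Win32_EncryptableVolume.
    $protection = @{ 0 = 'Protection off'; 1 = 'Protection on'; 2 = 'Unknown (volume may be locked)' }
    $conversion = @{ 0 = 'Fully decrypted';        1 = 'Fully encrypted'
                     2 = 'Encryption in progress'; 3 = 'Decryption in progress'
                     4 = 'Encryption paused';      5 = 'Decryption paused' }
    $wmiArgs = @{
        Namespace      = 'Root\CIMV2\Security\MicrosoftVolumeEncryption'
        Class          = 'Win32_EncryptableVolume'
        Impersonation  = 'Impersonate'
        Authentication = 'PacketPrivacy'   # the setting that fixed "Access Denied" in the thread
        ErrorAction    = 'Stop'            # turn failures into catchable exceptions
    }

    foreach ($computer in $ComputerName) {
        try {
            foreach ($vol in Get-WmiObject @wmiArgs -ComputerName $computer) {
                # ProtectionStatus says whether key protectors are active;
                # GetConversionStatus() says whether the data is actually encrypted.
                $conv = $vol.GetConversionStatus()
                [pscustomobject]@{
                    Hostname   = $computer
                    Drive      = $vol.DriveLetter
                    Protection = $protection[[int]$vol.ProtectionStatus]
                    Conversion = $conversion[[int]$conv.ConversionStatus]
                    PercentEnc = $conv.EncryptionPercentage
                    Error      = $null
                }
            }
        }
        catch {
            # Keep the failure reason (access denied, RPC unavailable, ...) per host
            # instead of reporting every failure as "offline".
            [pscustomobject]@{
                Hostname = $computer; Drive = $null; Protection = $null
                Conversion = $null; PercentEnc = $null; Error = $_.Exception.Message
            }
        }
    }
}

# Usage with the thread's input file (column "Hostname"):
# Get-VolumeEncryptionReport -ComputerName (Import-Csv .\Systems.csv).Hostname |
#     Export-Csv .\Result.csv -NoTypeInformation
```

A volume with protection suspended shows `Protection off` together with `Fully encrypted`, which is the case a status built only on `ProtectionStatus` cannot distinguish.
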

All replies

  • You do not need to use RunAs to access remote systems.  Only the local system requires that.  You still must be an administrator to use WMI.


    \_(ツ)_/

    Friday, August 21, 2015 9:19 AM