locked
WSUS to Check Bit Locker Encryption RRS feed

  • Question

  • We have WSUS with Solarwinds Patch Manager installed.  Can I use this to check to see which computers on my network are not encrypted with Bit Locker?

    Thursday, August 7, 2014 6:21 PM

Answers

  • We have WSUS with Solarwinds Patch Manager installed.  Can I use this to check to see which computers on my network are not encrypted with Bit Locker?

    There are three possible ways to evaluate this question.

    [1] The first is via the Services Basic Information report in Patch Manager. Filter on the Display Name or Service Name for the Bitlocker service, and then determine if the service's ProcessID is a non-zero value. If so, the service is running, which implies a BitLocker enabled volume/drive/device is active. This also has the added advantage of identifying BitLockerToGo devices (e.g. USB Thumb Drives) as well.

    [2] As I understand how BitLocker works, if BitLocker is enabled on a system, a registry key

    HKLM\Software\Policies\FVE

    is created. You can use the Registry Inventory capability of SolarWinds Patch Manager to inventory for the existence of that registry key. The absence of the key would imply that BitLocker is not in use on that system for a fixed volume, but I can also tell from my own system that a BitLockerToGo drive does not create this key on a Win7SP1 system.

    [3] In addition, you can also query WMI in the Win32_EncryptableVolume class. A "patch package" could be created with a WMI Query Rule that tests for information in that WMI class, and the WUA could return to WSUS (and visible via Patch Manager) a NotApplicable or Installed status based on whether BitLocker is enabled or not.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by Daniel JiSun Thursday, August 14, 2014 12:05 PM
    Thursday, August 7, 2014 9:04 PM