none
BitLocker encryption RRS feed

  • Question

  • Hi,

    I have about 200 PCs connected to our AD domain. All machines are encrypted using BitLocker.

    Is there any way/script that we can use to determine if there are any machines with no BitLocker encryption enabled on them?

    Regard,

    Abbas


    Abbas Haidar

    Wednesday, April 26, 2017 9:56 AM

All replies

  • Hi,

    I have about 200 PCs connected to our AD domain. All machines are encrypted using BitLocker.

    Is there any way/script that we can use to determine if there are any machines with no BitLocker encryption enabled on them?

    Regard,

    Abbas


    Abbas Haidar

    Hi,

    You could write a powershell script to do that.Please check this link for your reference:

    Bitlocker status on all computers

    https://community.spiceworks.com/topic/1083065-bitlocker-status-on-all-computers

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, April 27, 2017 5:56 AM
    Moderator
  • Yes, add the following line to your domain start script:

    manage-bde -status c: | findstr /c:"100,0%" ||echo not_encrypted>\\server\someshare\%computername%.txt

    (you will need to supply that share with write permissions to computer accounts). Afterwards, the share will be populated with computernames that are not encrypted.

    Thursday, April 27, 2017 7:51 AM