Comments

15 comments

  • Ben Kroes

    If possible, this would be very helpful. We have found that MBAM reporting is not very accurate.

  • Shane Corellian

    We are looking into collecting BitLocker information as part of the Disks scanner in Inventory. 

  • Ben Kroes

    Thanks Shane, I think that would be a great addition!

  • Adam Kaddour

    Agreed, this would be an excellent feature.

  • Tim Reilly

    You can make a Dynamic Collection for both of these conditions nested.

    ( Filter=Service | Column=Description | Comparison=Contains | Value=BDESVC)

    ( Filter=Service | Column=State | Comparison=Contains | Value=Running)

  • Ben Kroes

    Thank you very much Treilly! This certainly helps us identify systems that have BitLocker on/off. I think that the Disk Scanner in Inventory would still be ideal since it would tell us which system drives are encrypted and which ones are not.

  • Duane Barron

    Once identified, can BitLocker be turned off remotely? We now have a way to put McAfee Encryption on devices that had BitLocker installed and of course are deployed out into service, so we would benefit from turning it off remotely.

  • Chris Davidson

    Duane - If you have any remote management suite that can send commands you can do so with the manage-bde command: https://technet.microsoft.com/en-us/library/Ff829849.aspx

  • Zack Jones

    Has there been any update on this feature request? I've gotten very familiar with the 'manage-bde' commands but I've been unable to get the 'rebootcount' to work. It gives me an error 'Invalid Syntax "-rc" was not understood'. The command I used is 

     manage-bde -protectors -disable c: -rc 1

  • Duane Barron

    Chris - I could use PDQ Deploy Enterprise to do this? I am not familiar with the manage-bde command.

  • Zack Jones

    In PDQ Inventory I've created a custom tool to suspend BitLocker and another one to resume. Below is the command line to disable.

    C:\Program Files (x86)\PSTools\psexec.exe -accepteula \\%Target% -s %windir%\system32\Manage-bde.exe -protectors -disable c:

    I've also created a package in PDQ Deploy to do the same thing using the command below.

    %windir%\system32\Manage-bde.exe -protectors -disable c:

     

  • Jeffrey Limones

    When will this become available?

  • Jason Hanks

    Hi Jeffrey,

    This is included in Inventory 8 under the Disk Drives panel.

  • David Kunkle

    Hey Jeff, I just found this and it's really helpful. We are trying to find the computers that do not have a PIN on them. Is there a way to make a collection that will show me computers that DO NOT have TPM And Pin as a key protector?

     

    Or is there some kind of report we could create?

  • Adam Singer

    In reply to Zack's request

     

    I just struggled with this today as well but now I have a working PDQ Deploy package that suspends BitLocker for 1 restart (for example, if you use a startup PIN). Just use the command below.

    Suspend-BitLocker -MountPoint "C:" -RebootCount 1

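For the question in the thread about finding machines without a TPM-and-PIN key protector, and for telling a volume with suspended protectors apart from an unencrypted one, here is an added PowerShell example (not from any commenter or from PDQ) that classifies objects shaped like the output of `Get-BitLockerVolume`. The function names `Get-BitLockerFinding` and `New-SampleVolume` and the sample volumes are constructed for illustration.

```powershell
# Added example: classify volumes by BitLocker state and startup-PIN protector.
# Input objects need the properties Get-BitLockerVolume returns:
# MountPoint, VolumeType, VolumeStatus, ProtectionStatus, KeyProtector.
function Get-BitLockerFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        # Compare as strings so real enum values and the constructed samples behave alike.
        $types  = @(foreach ($p in $Volume.KeyProtector) { "$($p.KeyProtectorType)" })
        $hasPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
        $state = if ("$($Volume.VolumeStatus)" -eq 'FullyDecrypted') {
            'NotEncrypted'
        } elseif ("$($Volume.ProtectionStatus)" -ne 'On') {
            'ProtectionOff'   # data encrypted, but protectors are suspended or not yet enabled
        } else {
            'Protected'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            State      = $state
            Protectors = $types -join ','
            # A startup PIN only applies to the operating system volume.
            MissingPin = ("$($Volume.VolumeType)" -eq 'OperatingSystem') -and -not $hasPin
        }
    }
}

# Hypothetical helper that builds constructed sample volumes (not real inventory data).
function New-SampleVolume($Mount, $Type, $Status, $Protection, [string[]]$Protectors) {
    [pscustomobject]@{
        MountPoint = $Mount; VolumeType = $Type; VolumeStatus = $Status; ProtectionStatus = $Protection
        KeyProtector = @(foreach ($k in $Protectors) { [pscustomobject]@{ KeyProtectorType = $k } })
    }
}

# Each row stands for the volume of a different constructed machine.
$sample = @(
    New-SampleVolume 'C:' 'OperatingSystem' 'FullyEncrypted' 'On'  @('Tpm', 'RecoveryPassword')
    New-SampleVolume 'C:' 'OperatingSystem' 'FullyEncrypted' 'On'  @('TpmPin', 'RecoveryPassword')
    New-SampleVolume 'C:' 'OperatingSystem' 'FullyEncrypted' 'Off' @('TpmPin', 'RecoveryPassword')
    New-SampleVolume 'D:' 'Data'            'FullyDecrypted' 'Off' @()
)
$sample | Get-BitLockerFinding | Format-Table -AutoSize

# On a live machine, from an elevated session:
#   Get-BitLockerVolume | Get-BitLockerFinding
```

The third sample row shows why the service-state filter alone is not enough: after protectors are suspended the volume is still encrypted, but protection is off until it is resumed.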
