BitLocker status is not accurate in Inventory
My company has a handful of computers that have been encrypted using BitLocker, but in Inventory it shows as not encrypted/protected. Below is the disk drive of one of the computers.
I've run "manage-bde -protectors -get c:" and these computers are returning a protector ID and the passwords are being recorded in Active Directory.
-
I've had success with it.
Ensure that you've done a scan on Hardware Devices before checking the information. That's how it pulls that status.
Also, enabled isn't the same thing as protected. In order for it to start encrypting, it needs a reboot first. So you can have your key sent to AD, but if the box doesn't report back that it's encrypted, the flag won't check. Ensure that its status is Fully Encrypted.
-
After doing some digging and running the command above, we've discovered that it was our automated BIOS updates. The script would suspend BitLocker protection and would not re-enable it after completion. At some point PDQ would scan the computer and add it to the list, which is why computers that were previously fine started showing up.
Thank you.
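
The state this thread ran into (volume fully encrypted, key protectors present, protection left suspended by an update script) can be checked directly on a machine. The following is an added example, not code from the thread or from PDQ; the function name `Get-BitLockerAudit` and the `-Resume` switch are hypothetical, and it assumes the built-in BitLocker PowerShell module and an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: classify each volume's BitLocker state and optionally
# resume protection that was suspended and never re-enabled.
param([switch]$Resume)   # hypothetical switch: resume suspended volumes

function Get-BitLockerAudit {
    Get-BitLockerVolume | ForEach-Object {
        $hasProtectors = @($_.KeyProtector).Count -gt 0

        # "Enabled" (protectors exist) is not the same as "protected":
        # protection must be On and the volume fully encrypted.
        $state = if ($_.VolumeStatus -eq 'FullyEncrypted' -and $_.ProtectionStatus -eq 'On') {
            'Protected'
        } elseif ($_.VolumeStatus -eq 'FullyEncrypted' -and $hasProtectors) {
            'Suspended'            # e.g. left off after a BIOS update
        } elseif ($_.VolumeStatus -eq 'FullyDecrypted') {
            'NotEncrypted'
        } else {
            'InProgressOrNoProtectors'
        }

        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeStatus     = $_.VolumeStatus
            ProtectionStatus = $_.ProtectionStatus
            Percent          = $_.EncryptionPercentage
            State            = $state
        }
    }
}

$audit = Get-BitLockerAudit
$audit | Format-Table -AutoSize

if ($Resume) {
    # Only touch volumes that are encrypted with protectors but switched off.
    $audit | Where-Object State -eq 'Suspended' | ForEach-Object {
        Resume-BitLocker -MountPoint $_.MountPoint | Out-Null
        Write-Output "Resumed protection on $($_.MountPoint)"
    }
}
```

In the update script itself, `Suspend-BitLocker -MountPoint 'C:' -RebootCount 1` suspends protection for a single reboot, after which Windows resumes it automatically, so a script that exits early does not leave the volume unprotected.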