anyweb

How can I determine if the drive is Encrypted (Protected) or not during a BitLocker task sequence in WinPE?

Question

You might need to know if your drive is protected with BitLocker or not while in WinPE, so how do you do that? By utilising a call to the GetProtectionStatus method of the Win32_EncryptableVolume class.

Using WMI Code Creator I put together some simple code to check for the value of this class, so the first code looked like this:

 


' Connect to the BitLocker WMI provider on the local computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption")
' 48 = wbemFlagReturnImmediately + wbemFlagForwardOnly
Set colItems = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_EncryptableVolume",,48)
' Print the ProtectionStatus property of every encryptable volume
For Each objItem in colItems
    Wscript.Echo "-----------------------------------"
    Wscript.Echo "Win32_EncryptableVolume instance"
    Wscript.Echo "-----------------------------------"
    Wscript.Echo "ProtectionStatus: " & objItem.ProtectionStatus
Next

 

 

And I've made it a bit more friendly so that it returns a MsgBox telling us what the value was determined to be, in the code below:

 

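<job id="IsEncrypted">
<script language="VBScript" src="..\ZTIUtility.vbs"/>
<script language="VBScript">

' Connect to the BitLocker WMI provider on the local computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption")
Set colItems = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_EncryptableVolume",,48)

' Keep a protected (1) or unknown (2) status once it has been seen, so that
' a later unprotected volume cannot overwrite it
x = 0
For Each objItem in colItems
    If objItem.ProtectionStatus = 1 Or objItem.ProtectionStatus = 2 Then x = objItem.ProtectionStatus
Next

Dim oShell
Set oShell = CreateObject("WScript.Shell")

' oEnvironment is provided by ZTIUtility.vbs; default the variable to False
oEnvironment.Item("DRIVE_Protected") = False

retCode = x

' Rem out the next line for an uninterrupted (zero touch) run
msgbox "0=Protection OFF" & vbCrLf & "1= Protection ON" & vbCrLf & "2=Protection Unknown" & vbCrLf & vbCrLf & "Protection Status Return code is:" & retCode, 0, "Checking If Volume is Encrypted"

' Status 1 (on) or 2 (unknown) sets the task sequence variable to True
If (retCode = 2) OR (retCode = 1) Then
    oEnvironment.Item("DRIVE_Protected") = True
End If

WScript.Quit(0)
</script>
</job>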

 

Once you are happy with the results, copy this script to your BitLocker sub folder of the MDT 2010 Update 1 scripts directory, update the package to the DPs and create a new Run Command Line step in the task sequence called Check ProtectionStatus.

This step sets a variable called DRIVE_Protected = True if an encrypted volume is found (if the return code is 1 or 2) and we can base other steps in the task sequence upon this variable (i.e. in a REFRESH scenario).

The actual run command line is as follows: cscript.exe "%scriptroot%\bitlocker\IsVolumeEncrypted.wsf"

Next, on the Options tab of this step, set the Success Codes to 0 1 2.

Place this step before the Partition and Format disc steps in your task sequence. That's it, now you have enough info to query the computer in WinPE to find out if there's an encrypted volume or not, and based upon this do different actions in the task sequence.

Remember to rem out the MsgBox command if you want this to run uninterrupted/zero touch.

 

cheers

niall
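
The per-volume check described in the post above, as an added example that is not part of the original post: it calls the GetProtectionStatus and GetLockStatus methods on each Win32_EncryptableVolume instance through ExecMethod_, and reports every volume instead of a single value. The variable names, the StatusText helper and the exit-code convention are assumptions of this example.

```vbscript
' Added example, not from the original post. Run with cscript.exe.
Option Explicit

Dim objWMIService, colVolumes, objVolume, objOut
Dim nStatus, nLock, sLetter, bAnyProtected

Set objWMIService = GetObject( _
    "winmgmts:\\.\root\CIMV2\Security\MicrosoftVolumeEncryption")
Set colVolumes = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume")

bAnyProtected = False
For Each objVolume In colVolumes
    ' ExecMethod_ returns an object carrying ReturnValue and the out-parameters
    Set objOut = objVolume.ExecMethod_("GetProtectionStatus")
    nStatus = 2                      ' assume "unknown" if the call fails
    If objOut.ReturnValue = 0 Then nStatus = objOut.ProtectionStatus

    Set objOut = objVolume.ExecMethod_("GetLockStatus")
    nLock = -1                       ' -1 = lock state could not be read
    If objOut.ReturnValue = 0 Then nLock = objOut.LockStatus

    ' DriveLetter is Null when the volume has no letter; fall back to DeviceID
    sLetter = objVolume.DriveLetter & ""
    If sLetter = "" Then sLetter = objVolume.DeviceID

    WScript.Echo sLetter & "  ProtectionStatus=" & nStatus & _
                 " (" & StatusText(nStatus) & ")  LockStatus=" & nLock

    ' Same rule as the post: 1 (on) or 2 (unknown) counts as protected
    If nStatus = 1 Or nStatus = 2 Then bAnyProtected = True
Next

WScript.Echo "Any protected volume found: " & bAnyProtected
' Exit code is this example's own convention: 1 = protected volume found
If bAnyProtected Then WScript.Quit 1
WScript.Quit 0

Function StatusText(n)
    Select Case n
        Case 0    : StatusText = "Protection OFF"
        Case 1    : StatusText = "Protection ON"
        Case 2    : StatusText = "Protection Unknown"
        Case Else : StatusText = "Unexpected value"
    End Select
End Function
```

If this runs as a Run Command Line step, exit code 1 has to be listed among the step's success codes, which the 0 1 2 setting from the post already covers.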


1 answer to this question


Hi,

I want to encrypt the drive containing the operating system.

In WMI Code Creator -> Execute a Method, I set namespace to "root\CIMV2\Security\MicrosoftVolumeEncryption", classes with methods to "Win32_EncryptableVolume", methods to "Encrypt".

But in the "Select the instance ..." option, it does not list the DeviceID of the volume containing the operating system.

Could you please let me know how to list the volume containing DeviceID in the "Select the instance ..." option?

 

Regards,

Yogi
