Drive Encryption statuses - What does it mean?

Posted: Wednesday, September 18, 2019 4:42:21 PM(UTC)
DFox

Member, Original Poster, Posts: 2
Hey,
We utilize BitLocker in the studio and so this report is handy.

However, many workstations are coming up as "Unknown". I am assuming this means that the drive is currently encrypted by BitLocker and has not been unlocked.

"no" - The drive has no BitLocker encryption
"yes" - The drive has BitLocker encryption but is currently unlocked

Are these correct?

Thanks
Fox
#1 JacobH, Member, Posts: 175
posted: 9/18/2019 5:41:10 PM(UTC)
Hey DFox -

I'm not sure what report you are referencing (it might be a new report as I'm not on the newest version of LS), but for BitLocker, things are a tad complicated.

I think you're referring to

Code:
  Case
    When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
    Else 'UNKNOWN'
  End As ProtectionStatus


So if it's unknown, that means it doesn't have a record for the volume, i.e. it can't scan that information via WMI, so it might not be a compatible OS, etc. (Not 100 percent sure what all the scenarios for why it has no record are.)



Here's a report I use for BitLocker status. Things to note are specifically the TPM versions (as you know, it has to have a TPM chip to be BitLocker compatible, and the correct versions), plus whether the TPM is Activated, Enabled, and Owned. If those three aren't YES, then it won't encrypt, and ProtectionStatus would be OFF.

I added the comments field because I sometimes type comments for the asset like 'TPM wrong Version' or 'Need to enable TPM' for assets so we can keep track of our progress.



Code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssetCustom.Comments,
  tblAssets.Domain,
  tblAssets.Username,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblTPM.SpecVersion,
  Case
    When tblTPM.IsActivated_InitialValue = 1 Then 'Yes'
    When tblTPM.IsActivated_InitialValue Is Null Then Null
    Else 'No'
  End As Activated,
  Case
    When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes'
    When tblTPM.IsEnabled_InitialValue Is Null Then Null
    Else 'No'
  End As Enabled,
  Case
    When tblTPM.IsOwned_InitialValue = 1 Then 'Yes'
    When tblTPM.IsOwned_InitialValue Is Null Then Null
    Else 'No'
  End As Owned,
  tblOperatingsystem.Caption As OS,
  tblAssets.SP,
  tblEncryptableVolume.DriveLetter,
  Case
    When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
    Else 'UNKNOWN'
  End As ProtectionStatus,
  tblAssets.Lastseen,
  Case
    When tblPortableBattery.AssetID Is Null Then 'Desktop'
    Else 'Laptop'
  End As [Desktop/Laptop],
  Case
    When tblTPM.AssetId Is Null Then 'noTPM'
    Else 'HasTPM'
  End As HasTPMorNot,
  tblTPM.IsEnabled_InitialValue,
  tblTPM.IsOwned_InitialValue,
  tblTPM.ManufacturerVersionInfo,
  tblTPM.ManufacturerVersion,
  tblTPM.ManufacturerId,
  tblTPM.PhysicalPresenceVersionInfo,
  tblEncryptableVolume.LastChanged,
  tblBIOS.Caption,
  tblBIOS.Manufacturer As Manufacturer1,
  tblBIOS.SerialNumber,
  tblBIOS.SMBIOSMajorVersion,
  tblBIOS.SMBIOSBIOSVersion,
  tblBIOS.SMBIOSMinorVersion,
  tblBIOS.Version,
  tblTPM.LastChanged As TPMTableLastChanged
From tblAssets
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Inner Join tblOperatingsystem On
    tblAssets.AssetID = tblOperatingsystem.AssetID
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Left Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblBIOS On tblAssets.AssetID = tblBIOS.AssetID
  Left Join tblPortableBattery On tblAssets.AssetID = tblPortableBattery.AssetID
  Inner Join tblTPM On tblAssets.AssetID = tblTPM.AssetId
  Left Join tblEncryptableVolume On
    tblAssets.AssetID = tblEncryptableVolume.AssetId
Where (tblAssetCustom.Model Is Null Or
    tblAssetCustom.Model = '' Or tblAssetCustom.Model Not Like '%Virtual%') And
  tblOperatingsystem.Caption Not Like '%professional%' And
  tblEncryptableVolume.DriveLetter Like '%C%' And tblAssets.Lastseen Is Not Null
  And tblAssets.Lastseen <> '' And tblAssets.Lastseen > GetDate() - 3 And
  tblState.Statename = 'Active' And tsysAssetTypes.AssetTypename In ('Windows')
Order By tblAssets.Domain,
  tblAssets.AssetName





#2 DFox, Member, Original Poster, Posts: 2
posted: 9/19/2019 12:54:06 PM(UTC)
Thanks for the reply JacobH, I'll give your report a run and see what results I get.

I am using the latest version with workstations without the TPM.
Confirming BitLocker for the workstations, after investigating:

OFF = For workstations that have no BitLocker setup
ON = For workstations that have BitLocker but are currently unlocked
UNKNOWN = For workstations that have BitLocker and are currently locked
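
An added example, not part of either post and not Lansweeper's own report: the Case expression from the thread, extended to separate a volume with no scanned record (the Left Join returns NULL) from a raw status of 2, which Win32_EncryptableVolume defines as "protection unknown" and which can be caused by a locked volume. It is T-SQL over constructed rows; the asset names are made up, and it assumes tblEncryptableVolume.ProtectionStatus holds the raw WMI value.

```sql
-- Constructed sample rows standing in for tblAssets and tblEncryptableVolume.
-- Assumption: ProtectionStatus holds the raw Win32_EncryptableVolume value
-- (0 = protection off, 1 = protection on, 2 = protection unknown).
With Assets (AssetID, AssetName) As (
  Select * From (Values
    (1, 'WS-OFF'),      -- BitLocker is not protecting the volume
    (2, 'WS-ON'),       -- protected and unlocked
    (3, 'WS-UNKNOWN'),  -- record exists, status could not be determined
    (4, 'WS-NOSCAN')    -- no volume record was ever scanned
  ) As v (AssetID, AssetName)
),
Volumes (AssetId, DriveLetter, ProtectionStatus) As (
  Select * From (Values
    (1, 'C:', 0),
    (2, 'C:', 1),
    (3, 'C:', 2)
  ) As v (AssetId, DriveLetter, ProtectionStatus)
)
Select Assets.AssetName,
  Volumes.DriveLetter,
  Volumes.ProtectionStatus As RawStatus,
  Case
    -- Test for the missing row first; otherwise it falls through to Else
    -- and is indistinguishable from a real status of 2.
    When Volumes.AssetId Is Null Then 'NO RECORD'
    When Volumes.ProtectionStatus = 0 Then 'OFF'
    When Volumes.ProtectionStatus = 1 Then 'ON'
    When Volumes.ProtectionStatus = 2 Then 'UNKNOWN (possibly locked)'
    Else 'UNEXPECTED VALUE'
  End As ProtectionStatus
From Assets
  -- The drive filter sits in the join condition. In a Where clause it would
  -- discard the NULL rows and silently drop assets that have no record.
  Left Join Volumes On Assets.AssetID = Volumes.AssetId
    And Volumes.DriveLetter Like '%C%'
Order By Assets.AssetName
```

In the report posted in reply #1 the drive-letter filter is in the Where clause and tblTPM is inner-joined, so assets without a volume record or without a TPM record do not appear in its output at all.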
