Notification

Icon
Error

Drive Encryption statuses - What does it mean?

Posted: Wednesday, September 18, 2019 4:42:21 PM(UTC)
DFox

DFox

Member Original PosterPosts: 2
0
Like
Hey,
We utilize bitlocker in the studio and so this report is handy.

However, many workstations are coming up as "Unknown". I am assuming this is that the drive is currently encrypted by bitlocker and not been unlocked.

"no" - The drive has no bitlocker encryption
"yes" - The drive has bitlocker encryption but currently unlocked

Are these correct?

Thanks
Fox
JacobH
#1JacobH Member Posts: 172  
posted: 9/18/2019 5:41:10 PM(UTC)
Hey DFox -

I'm not sure what report you are referencing (It might be a new report as I'm not on newest version of LS) - but for Bitlocker, things are a tad complicated.

I think you're referring to

Code:
  Case
    When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
    Else 'UNKNOWN'


so if it's unknown, that means it doesn't have a record for the volume - i.e. it can't scan that information via WMI so it might not be a compatible OS, etc. (Not 100 percent sure what all the scenarios for why it has no record are)



Here's a report I use for Bitlocker status. Things to note are specifically the TPM versions (as you know it has to have a TPM chip to be bitlocker compatible - and the correct versions), plus if the TPM is Activated, Enabled, and Owned - if those three aren't YES, then it won't encrypt, and protectionstatus would be OFF.

I added the comments field because I sometimes type comments for the asset like 'TPM wrong Version' or 'Need to enable TPM' for assets so we can keep track of our progress.



Code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssetCustom.Comments,
  tblAssets.Domain,
  tblAssets.Username,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblTPM.SpecVersion,
  Case
    When tblTPM.IsActivated_InitialValue = 1 Then 'Yes'
    When tblTPM.IsActivated_InitialValue Is Null Then Null
    Else 'No'
  End As Activated,
  Case
    When tblTPM.IsEnabled_InitialValue = 1 Then 'Yes'
    When tblTPM.IsEnabled_InitialValue Is Null Then Null
    Else 'No'
  End As Enabled,
  Case
    When tblTPM.IsOwned_InitialValue = 1 Then 'Yes'
    When tblTPM.IsOwned_InitialValue Is Null Then Null
    Else 'No'
  End As Owned,
  tblOperatingsystem.Caption As OS,
  tblAssets.SP,
  tblEncryptableVolume.DriveLetter,
  Case
    When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
    Else 'UNKNOWN'
  End As ProtectionStatus,
  tblAssets.Lastseen,
  Case
    When tblPortableBattery.AssetID Is Null Then 'Desktop'
    Else 'Laptop'
  End As [Desktop/Laptop],
  Case
    When tblTPM.AssetId Is Null Then 'noTPM'
    Else 'HasTPM'
  End As HasTPMorNot,
  tblTPM.IsEnabled_InitialValue,
  tblTPM.IsOwned_InitialValue,
  tblTPM.ManufacturerVersionInfo,
  tblTPM.ManufacturerVersion,
  tblTPM.ManufacturerId,
  tblTPM.PhysicalPresenceVersionInfo,
  tblEncryptableVolume.LastChanged,
  tblBIOS.Caption,
  tblBIOS.Manufacturer As Manufacturer1,
  tblBIOS.SerialNumber,
  tblBIOS.SMBIOSMajorVersion,
  tblBIOS.SMBIOSBIOSVersion,
  tblBIOS.SMBIOSMinorVersion,
  tblBIOS.Version,
  tblTPM.LastChanged As TPMTableLastChanged
From tblAssets
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Inner Join tblOperatingsystem On
    tblAssets.AssetID = tblOperatingsystem.AssetID
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Left Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblBIOS On tblAssets.AssetID = tblBIOS.AssetID
  Left Join tblPortableBattery On tblAssets.AssetID = tblPortableBattery.AssetID
  Inner Join tblTPM On tblAssets.AssetID = tblTPM.AssetId
  Left Join tblEncryptableVolume On
    tblAssets.AssetID = tblEncryptableVolume.AssetId
Where (tblAssetCustom.Model Is Null Or
    tblAssetCustom.Model = '' Or tblAssetCustom.Model Not Like '%Virtual%') And
  tblOperatingsystem.Caption Not Like '%professional%' And
  tblEncryptableVolume.DriveLetter Like '%C%' And tblAssets.Lastseen Is Not Null
  And tblAssets.Lastseen <> '' And tblAssets.Lastseen > GetDate() - 3 And
  tblState.Statename = 'Active' And tsysAssetTypes.AssetTypename In ('Windows')
Order By tblAssets.Domain,
  tblAssets.AssetName





DFox
#2DFox Member Original PosterPosts: 2  
posted: 9/19/2019 12:54:06 PM(UTC)
Thanks for the reply JacobH, I'll give your report a run and see what results I get.

I am using the latest version with workstations without the TPM.
Confirming bitlocker for the workstations, after investigating:

OFF = For workstations that has no bitlocker setup
ON = For workstation that has bitlocker but are currently unlocked
UNKNOWN = For workstations have bitlocker and are currently locked

Active Discussions

Lansweeper Personalize interface user ticket
by  Brighton   Go to last post Go to first unread
Last post: Today at 9:31:34 PM(UTC)
Lansweeper Update dashboard defaulting to Helpdesk
by  nriddick  
Go to last post Go to first unread
Last post: Today at 9:22:18 PM(UTC)
Lansweeper Exchange Mailbox Usage
by  nhouse24   Go to last post Go to first unread
Last post: Today at 8:26:43 PM(UTC)
Lansweeper Change Management : Creating new Events type
by  Hugo Lynch  
Go to last post Go to first unread
Last post: Today at 8:05:34 PM(UTC)
Lansweeper Linked Tickets - Helpdesk Workflow/Subordinate Tickets
by  Argon0   Go to last post Go to first unread
Last post: Today at 5:22:27 PM(UTC)
Lansweeper SCCM Scanning Failure
by  wanduster  
Go to last post Go to first unread
Last post: Today at 4:18:47 PM(UTC)
Lansweeper Notification ticket in pending after 1 week
by  Vasile Ciuban   Go to last post Go to first unread
Last post: Today at 3:18:04 PM(UTC)
Lansweeper Assistance on Building a Report on Java Installations
by  Rob-CD  
Go to last post Go to first unread
Last post: Today at 10:20:11 AM(UTC)