Notification

Icon
Error

Expanded Encrypted Volume Report (UEFI Boot / SecureBoot Status) - This is expanded version of the Encrypted Volume Report

Posted: Thursday, December 12, 2019 3:20:34 PM(UTC)
PeterG

PeterG

Member Original PosterPosts: 104
0
Like
I've created report that shows Boot Mode (UEFI / BIOS) if SecureBoot is Enabled/Disabled and if System Drive is Bitlocker Encrypted or Not.


In order for this report to work it requires a custom registry scan configured as follows:

Rootkey: HKEY_LOCAL_MACHINE
RegPath: SYSTEM\CurrentControlSet\Control\SecureBoot\State
RegValue: UEFISecureBootEnabled



Code:
Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblEncryptableVolume.DriveLetter,
  Case
    When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
    Else 'UNKNOWN'
  End As BitLocker,
  Case
    When tblRegistry.Value = 0 Then 'DISABLED'
    When tblRegistry.Value = 1 Then 'ENABLED'
    Else 'UNKNOWN'
  End As SecureBoot,
  Case
    When tblRegistry.Value Is Null Then 'BIOS'
    Else 'UEFI'
  End As [Boot Mode],
  tblEncryptableVolume.LastChanged,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.IPAddress,
  tblAssets.Description,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblAssetCustom.Location,
  tsysIPLocations.IPLocation,
  tsysOS.OSname As OS,
  tblAssets.SP As SP,
  tblAssets.Firstseen,
  tblAssets.Lastseen
From tblEncryptableVolume
  Inner Join tblAssets On tblEncryptableVolume.AssetId = tblAssets.AssetID
  Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
  Inner Join tblRegistry On tblAssets.AssetID = tblRegistry.AssetID
Where
  tblRegistry.Regkey Like
  'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\State' And
  tblRegistry.Valuename = 'UEFISecureBootEnabled'
Order By tblAssets.AssetName
PeterG
#1PeterG Member Original PosterPosts: 104  
posted: 12/16/2019 2:25:59 PM(UTC)
Added Partition Type of System Drive

Code:
Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.IPAddress,
  tblEncryptableVolume.DriveLetter,
  Case
    When tblDiskPartition.Type = 'Installable File System' Then 'MBR'
    When tblDiskPartition.Type = 'GPT: System' Then 'GPT'
    Else 'UNKNOWN'
  End As [System Partition],
  Case
    When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
    Else 'UNKNOWN'
  End As BitLocker,
  Case
    When tblRegistry.Value = 0 Then 'DISABLED'
    When tblRegistry.Value = 1 Then 'ENABLED'
    Else 'UNKNOWN'
  End As SecureBoot,
  Case
    When tblRegistry.Value Is Null Then 'BIOS'
    Else 'UEFI'
  End As [Boot Mode],
  tblEncryptableVolume.LastChanged,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Description,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysIPLocations.IPLocation,
  tsysOS.OSname As OS,
  tblAssets.SP As SP,
  tblAssets.Firstseen,
  tblAssets.Lastseen
From tblEncryptableVolume
  Inner Join tblAssets On tblEncryptableVolume.AssetId = tblAssets.AssetID
  Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
  Inner Join tblRegistry On tblAssets.AssetID = tblRegistry.AssetID
  Inner Join tblDiskPartition On tblAssets.AssetID = tblDiskPartition.AssetID
Where (tblDiskPartition.Type = 'GPT: System' Or tblDiskPartition.Type =
    'Installable File System') And
  tblRegistry.Regkey Like
  'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\State' And
  tblRegistry.Valuename = 'UEFISecureBootEnabled'
Order By tblAssets.AssetName

Active Discussions

Lansweeper Asset Out of Warranty & Asset Out of Warranty in 60 Days Reports
by  RC62N   Go to last post Go to first unread
Last post: Yesterday at 10:29:35 PM(UTC)
Lansweeper Voip Phone to Computer
by  lansend  
Go to last post Go to first unread
Last post: Yesterday at 1:27:10 AM(UTC)
Lansweeper Report Showing custom registry keys scanned
by  impagian   Go to last post Go to first unread
Last post: 1/23/2020 4:01:34 PM(UTC)
Lansweeper Dell Update v3.0
by  gmw158  
Go to last post Go to first unread
Last post: 1/22/2020 5:42:19 PM(UTC)
Lansweeper Report to compare softwareVersion
by  RC62N   Go to last post Go to first unread
Last post: 1/22/2020 4:57:16 PM(UTC)
Lansweeper Dublicate entries (multiple lines with assetname)
by  wkorrubel  
Go to last post Go to first unread
Last post: 1/22/2020 10:10:28 AM(UTC)
Lansweeper Only show string right of character N
by  RC62N   Go to last post Go to first unread
Last post: 1/20/2020 10:36:12 PM(UTC)
Lansweeper Report From Lansweeper For My Company
by  RC62N  
Go to last post Go to first unread
Last post: 1/17/2020 6:59:47 PM(UTC)