Notification

Icon
Error

Expanded Encrypted Volume Report (UEFI Boot / SecureBoot Status) - This is expanded version of the Encrypted Volume Report

Posted: Thursday, December 12, 2019 3:20:34 PM(UTC)
PeterG

PeterG

Member Original PosterPosts: 104
0
Like
I've created report that shows Boot Mode (UEFI / BIOS) if SecureBoot is Enabled/Disabled and if System Drive is Bitlocker Encrypted or Not.


In order for this report to work it requires a custom registry scan configured as follows:

Rootkey: HKEY_LOCAL_MACHINE
RegPath: SYSTEM\CurrentControlSet\Control\SecureBoot\State
RegValue: UEFISecureBootEnabled



Code:
Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblEncryptableVolume.DriveLetter,
  Case
    When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
    Else 'UNKNOWN'
  End As BitLocker,
  Case
    When tblRegistry.Value = 0 Then 'DISABLED'
    When tblRegistry.Value = 1 Then 'ENABLED'
    Else 'UNKNOWN'
  End As SecureBoot,
  Case
    When tblRegistry.Value Is Null Then 'BIOS'
    Else 'UEFI'
  End As [Boot Mode],
  tblEncryptableVolume.LastChanged,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.IPAddress,
  tblAssets.Description,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblAssetCustom.Location,
  tsysIPLocations.IPLocation,
  tsysOS.OSname As OS,
  tblAssets.SP As SP,
  tblAssets.Firstseen,
  tblAssets.Lastseen
From tblEncryptableVolume
  Inner Join tblAssets On tblEncryptableVolume.AssetId = tblAssets.AssetID
  Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
  Inner Join tblRegistry On tblAssets.AssetID = tblRegistry.AssetID
Where
  tblRegistry.Regkey Like
  'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\State' And
  tblRegistry.Valuename = 'UEFISecureBootEnabled'
Order By tblAssets.AssetName
PeterG
#1PeterG Member Original PosterPosts: 104  
posted: 12/16/2019 2:25:59 PM(UTC)
Added Partition Type of System Drive

Code:
Select Top 1000000 tsysAssetTypes.AssetTypeIcon16 As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.IPAddress,
  tblEncryptableVolume.DriveLetter,
  Case
    When tblDiskPartition.Type = 'Installable File System' Then 'MBR'
    When tblDiskPartition.Type = 'GPT: System' Then 'GPT'
    Else 'UNKNOWN'
  End As [System Partition],
  Case
    When tblEncryptableVolume.ProtectionStatus = 0 Then 'OFF'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'ON'
    Else 'UNKNOWN'
  End As BitLocker,
  Case
    When tblRegistry.Value = 0 Then 'DISABLED'
    When tblRegistry.Value = 1 Then 'ENABLED'
    Else 'UNKNOWN'
  End As SecureBoot,
  Case
    When tblRegistry.Value Is Null Then 'BIOS'
    Else 'UEFI'
  End As [Boot Mode],
  tblEncryptableVolume.LastChanged,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Description,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysIPLocations.IPLocation,
  tsysOS.OSname As OS,
  tblAssets.SP As SP,
  tblAssets.Firstseen,
  tblAssets.Lastseen
From tblEncryptableVolume
  Inner Join tblAssets On tblEncryptableVolume.AssetId = tblAssets.AssetID
  Inner Join tsysAssetTypes On tblAssets.Assettype = tsysAssetTypes.AssetType
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Join tsysIPLocations On tblAssets.LocationID = tsysIPLocations.LocationID
  Inner Join tblRegistry On tblAssets.AssetID = tblRegistry.AssetID
  Inner Join tblDiskPartition On tblAssets.AssetID = tblDiskPartition.AssetID
Where (tblDiskPartition.Type = 'GPT: System' Or tblDiskPartition.Type =
    'Installable File System') And
  tblRegistry.Regkey Like
  'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\State' And
  tblRegistry.Valuename = 'UEFISecureBootEnabled'
Order By tblAssets.AssetName

Active Discussions

Lansweeper Webcam report, the wrong way
by  TimHolmes1973   Go to last post Go to first unread
Last post: 10/23/2020 4:38:45 PM(UTC)
Lansweeper zerologin posted report
by  hanslepire  
Go to last post Go to first unread
Last post: 10/23/2020 8:50:59 AM(UTC)
Lansweeper Need help finishing a report for Failed Logons
by  Helpdesk15   Go to last post Go to first unread
Last post: 10/20/2020 3:10:33 PM(UTC)
Report Center Chart: Microsoft Office 365 Versions
by  craigsmith.lpi  
Go to last post Go to first unread
Last post: 10/19/2020 10:18:21 PM(UTC)
Lansweeper Russian in Report
by  EStarshinov   Go to last post Go to first unread
Last post: 10/15/2020 7:18:22 AM(UTC)
Lansweeper Asset location report with count ?
by  Argon0  
Go to last post Go to first unread
Last post: 10/14/2020 11:05:33 AM(UTC)
Lansweeper Inventory for all Connected Headphone
by  Csteenhaut   Go to last post Go to first unread
Last post: 10/8/2020 1:45:25 PM(UTC)
Lansweeper All Ticket Overview Report
by  Ryan211  
Go to last post Go to first unread
Last post: 10/6/2020 11:27:33 PM(UTC)