BitLocker Information via Hardware Inventory
Edit 3/31/2011: This might be a better way: http://thomasgud.wordpress.com/2011/02/19/bitlocker-and-sccm/
Gathering Bitlocker information on your drives using a script + mof edit into Configmgr. Eyona has posted a vbscript method which tied into creating a noidmif file. Well, for those of you who know me, I personally try to never ever enable the idmif and noidmif file inventory methods on my sites.
So I've stolen 90% of Eyona's script, and modified it just enough to drop the information into WMI instead.
Attached is the script, and below is the mof edit you would place at the bottom of your <installed location>\inboxes\clifiles.src\hinv\sms_def.mof file on your primary site(s)
To implement, advertise the attached script (probably similar to cscript.exe NameOfTheScript.vbs) to all Bitlocker-capable computers, whether or not user is logged in. After WMI has been populated via the script, the next hardware inventory will transmit the script-gathered information to your ConfigMgr database. I suggest the advertisement run on a recurring schedule, so that the information is updated occasionally. You can use the 'scriptlastran' to know per client when the script was last run.
// <:[-<>>>>>>>>>>>Start>>-BitLocker-<<Start<<<<<<<<<>-]:>
//`'`*._.*`'`*-
// BitLocker Reporting Class, for use with Script
//`'`*._.*`'`*-
#pragma namespace("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("SCCM_BitLocker",NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("SCCM_BitLocker"),
SMS_Class_ID ("CUSTOM|SCCM_BitLocker|1.0") ]
class SCCM_BitLocker : SMS_Class_Template
{
[SMS_Report (TRUE), key ] string Drive;
[SMS_Report (TRUE)] string DriveLabel;
[SMS_Report (TRUE)] string Size;
[SMS_Report (TRUE)] string BitLocker_Version;
[SMS_Report (TRUE)] string Conversion_Status;
[SMS_Report (TRUE)] string Percentage_Encrypted;
[SMS_Report (TRUE)] string Encryption_Method;
[SMS_Report (TRUE)] string Protection_Status;
[SMS_Report (TRUE)] string Lock_Status;
[SMS_Report (TRUE)] string Identification_Field;
[SMS_Report (TRUE)] string Key_Protectors;
[SMS_Report (TRUE)] string Automatic_Unlock;
[SMS_Report (TRUE)] string ScriptLastRan;
};
// <:[-<>>>>>>>>>>>END>>-BitLocker-<<END<<<<<<<<<>-]:>
Notes: originally from this forum thread.
Edit: dvanderuit posted how he leveraged this information to confirm settings were applied as expected based on his GPO settings: http://www.buit.org/2010/08/18/howto-bitlocker-status-reporting-in-sccm-2007/