BitLocker Information via Hardware Inventory

Gathering BitLocker information on your drives using a script plus a MOF edit in ConfigMgr.  Eyona has posted a VBScript method which tied into creating a NOIDMIF file.  Well, for those of you who know me, I personally try to never ever enable the IDMIF and NOIDMIF file inventory methods on my sites.

So I’ve stolen 90% of Eyona’s script, and modified it just enough to drop the information into WMI instead.

Attached is the script, and below is the MOF edit you would place at the bottom of your <installed location>\inboxes\clifiles.src\hinv\sms_def.mof file on your primary site(s).

To implement, advertise the attached script (probably similar to cscript.exe NameOfTheScript.vbs) to all BitLocker-capable computers, whether or not a user is logged in.  After WMI has been populated via the script, the next hardware inventory will transmit the script-gathered information to your ConfigMgr database.  I suggest the advertisement run on a recurring schedule, so that the information is updated occasionally.  You can use the ‘ScriptLastRan’ property to know, per client, when the script was last run.

//  <:[-<>>>>>>>>>>>Start>>-BitLocker-<<Start<<<<<<<<<>-]:>
//`'`*._.*`'`*-
//  BitLocker Reporting Class, for use with Script
//`'`*._.*`'`*-
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass ("SCCM_BitLocker", NOFAIL)

[ SMS_Report     (TRUE),
SMS_Group_Name ("SCCM_BitLocker"),
SMS_Class_ID   ("CUSTOM|SCCM_BitLocker|1.0") ]
class SCCM_BitLocker : SMS_Class_Template
{
[SMS_Report (TRUE), key ] string Drive;
[SMS_Report (TRUE)] string DriveLabel;
[SMS_Report (TRUE)] string Size;
[SMS_Report (TRUE)] string BitLocker_Version;
[SMS_Report (TRUE)] string Conversion_Status;
[SMS_Report (TRUE)] string Percentage_Encrypted;
[SMS_Report (TRUE)] string Encryption_Method;
[SMS_Report (TRUE)] string Protection_Status;
[SMS_Report (TRUE)] string Lock_Status;
[SMS_Report (TRUE)] string Identification_Field;
[SMS_Report (TRUE)] string Key_Protectors;
[SMS_Report (TRUE)] string Automatic_Unlock;
[SMS_Report (TRUE)] string ScriptLastRan;
};
//  <:[-<>>>>>>>>>>>END>>-BitLocker-<<END<<<<<<<<<>-]:>
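
For readers without the attachment, here is a sketch of the client-side half: an added PowerShell example, not the attached VBScript and not Eyona's code. It assumes Windows PowerShell (Get-WmiObject), an elevated or SYSTEM context, and that the data class lives in root\cimv2; Encryption_Method, BitLocker_Version and Key_Protectors are stored as the numeric codes Win32_EncryptableVolume returns.

```powershell
# Added example, not the post's attached script. Run elevated (an advertisement runs as SYSTEM).
$ns = 'root\cimv2'; $cls = 'SCCM_BitLocker'
$fields = 'Drive','DriveLabel','Size','BitLocker_Version','Conversion_Status',
    'Percentage_Encrypted','Encryption_Method','Protection_Status','Lock_Status',
    'Identification_Field','Key_Protectors','Automatic_Unlock','ScriptLastRan'

# Create the data class once; property names must match the sms_def.mof reporting class.
if (-not (Get-WmiObject -Namespace $ns -List | Where-Object { $_.Name -eq $cls })) {
    $c = New-Object System.Management.ManagementClass($ns, [string]::Empty, $null)
    $c['__CLASS'] = $cls
    $c.Qualifiers.Add('Static', $true)
    foreach ($f in $fields) { $c.Properties.Add($f, [System.Management.CimType]::String, $false) }
    $c.Properties['Drive'].Qualifiers.Add('Key', $true)
    [void]$c.Put()
}
# Drop instances from the previous run so removed drives do not linger in inventory.
Get-WmiObject -Namespace $ns -Class $cls | Remove-WmiObject

# Text for the numeric status codes (array index = code).
$conv = 'Fully Decrypted','Fully Encrypted','Encryption In Progress',
        'Decryption In Progress','Encryption Paused','Decryption Paused'
$prot = 'Protection Off','Protection On','Unknown'
$lock = 'Unlocked','Locked'

$vols = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
    -Class Win32_EncryptableVolume | Where-Object { $_.DriveLetter }
foreach ($v in $vols) {
    $w  = Get-WmiObject Win32_Volume -Filter "DriveLetter='$($v.DriveLetter)'"
    $cs = $v.GetConversionStatus()
    # Record protector *types* only; never write recovery passwords or keys into WMI.
    $kp = @($v.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ } |
            ForEach-Object { $v.GetKeyProtectorType($_).KeyProtectorType })
    [void](Set-WmiInstance -Namespace $ns -Class $cls -Arguments @{
        Drive                = $v.DriveLetter
        DriveLabel           = [string]$w.Label
        Size                 = '{0:N2} GB' -f ($w.Capacity / 1GB)
        BitLocker_Version    = [string]$v.GetVersion().Version
        Conversion_Status    = [string]$conv[[int]$cs.ConversionStatus]
        Percentage_Encrypted = [string]$cs.EncryptionPercentage
        Encryption_Method    = [string]$v.GetEncryptionMethod().EncryptionMethod
        Protection_Status    = [string]$prot[[int]$v.GetProtectionStatus().ProtectionStatus]
        Lock_Status          = [string]$lock[[int]$v.GetLockStatus().LockStatus]
        Identification_Field = [string]$v.GetIdentificationField().IdentificationField
        Key_Protectors       = $kp -join ','
        Automatic_Unlock     = [string]$v.IsAutoUnlockEnabled().IsAutoUnlockEnabled
        ScriptLastRan        = (Get-Date).ToString('s')
    })
}
```

Hardware inventory data is readable by anyone with report access, which is why the sketch records protector type codes and not the protectors themselves.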

  • Connor Humphries

    Hey, this is sweet, but we’re trying to implement something exactly like this in an SCCM 2012 environment and I wondered if you had any help or info on doing that?