BitLocker Information via Hardware Inventory

This post covers gathering BitLocker information on your drives using a script plus a MOF edit in ConfigMgr.  Eyona has posted a VBScript method which tied into creating a NOIDMIF file.  Well, for those of you who know me, I personally try to never ever enable the IDMIF and NOIDMIF file inventory methods on my sites.

So I’ve stolen 90% of Eyona’s script, and modified it just enough to drop the information into WMI instead.

Attached is the script, and below is the MOF edit you would place at the bottom of your <installed location>\inboxes\clifiles.src\hinv\sms_def.mof file on your primary site(s).

To implement, advertise the attached script (probably similar to cscript.exe NameOfTheScript.vbs) to all BitLocker-capable computers, set to run whether or not a user is logged in.  After WMI has been populated via the script, the next hardware inventory will transmit the script-gathered information to your ConfigMgr database.  I suggest the advertisement run on a recurring schedule, so that the information is updated occasionally.  You can use the ‘ScriptLastRan’ value to know, per client, when the script was last run.

//  <:[-<>>>>>>>>>>>Start>>-BitLocker-<<Start<<<<<<<<<>-]:>
//  BitLocker Reporting Class, for use with Script
#pragma namespace("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("SCCM_BitLocker",NOFAIL)

[ SMS_Report     (TRUE),
  SMS_Group_Name ("SCCM_BitLocker"),
  SMS_Class_ID   ("CUSTOM|SCCM_BitLocker|1.0") ]
class SCCM_BitLocker : SMS_Class_Template
{
    // Drive is the key: one inventoried instance per volume
    [SMS_Report (TRUE), key ] string Drive;
    [SMS_Report (TRUE)] string DriveLabel;
    [SMS_Report (TRUE)] string Size;
    [SMS_Report (TRUE)] string BitLocker_Version;
    [SMS_Report (TRUE)] string Conversion_Status;
    [SMS_Report (TRUE)] string Percentage_Encrypted;
    [SMS_Report (TRUE)] string Encryption_Method;
    [SMS_Report (TRUE)] string Protection_Status;
    [SMS_Report (TRUE)] string Lock_Status;
    [SMS_Report (TRUE)] string Identification_Field;
    [SMS_Report (TRUE)] string Key_Protectors;
    [SMS_Report (TRUE)] string Automatic_Unlock;
    // Timestamp written by the script on each run
    [SMS_Report (TRUE)] string ScriptLastRan;
};
//  <:[-<>>>>>>>>>>>END>>-BitLocker-<<END<<<<<<<<<>-]:>
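
For readers without the attachment, here is an added PowerShell sketch of the client-side half: it is not the attached VBScript or Eyona's script, only an illustration of filling the class that the MOF edit above reports on. It assumes the data class lives in root\cimv2 (the default when the reporting class carries no Namespace qualifier), that manage-bde -status prints English field names, and that it runs elevated (for example as SYSTEM from an advertisement).

```powershell
# Added example: populate root\cimv2:SCCM_BitLocker from "manage-bde -status".
# Property names mirror the MOF edit; the parsing rules below are assumptions
# based on English manage-bde output.
$ns = 'root\cimv2'; $className = 'SCCM_BitLocker'
$fields = 'DriveLabel','Size','BitLocker_Version','Conversion_Status',
          'Percentage_Encrypted','Encryption_Method','Protection_Status',
          'Lock_Status','Identification_Field','Key_Protectors',
          'Automatic_Unlock','ScriptLastRan'

# Drop and recreate the class so volumes that no longer exist do not linger.
$old = Get-WmiObject -Namespace $ns -List | Where-Object { $_.Name -eq $className }
if ($old) { $old.Delete() }
$class = New-Object System.Management.ManagementClass($ns, [string]::Empty, $null)
$class['__CLASS'] = $className
$class.Qualifiers.Add('Static', $true)
$class.Properties.Add('Drive', [System.Management.CimType]::String, $false)
$class.Properties['Drive'].Qualifiers.Add('Key', $true)
foreach ($f in $fields) {
    $class.Properties.Add($f, [System.Management.CimType]::String, $false)
}
[void]$class.Put()

# Parse the status report: a "Volume X: [Label]" header starts a volume,
# indented "Name: value" lines are fields, and the indented lines after
# "Key Protectors:" are the protector list.
$now = (Get-Date).ToString('yyyy-MM-dd HH:mm:ss')
$vol = $null; $inProtectors = $false; $volumes = @()
foreach ($line in (& manage-bde.exe -status)) {
    if ($line -match '^Volume\s+(\S+)\s+\[(.*)\]') {
        $vol = @{ Drive = $Matches[1]; DriveLabel = $Matches[2]; ScriptLastRan = $now }
        $volumes += $vol; $inProtectors = $false
    } elseif ($vol -and $line -match '^\s+([A-Za-z ]+):\s*(.*)$') {
        $value = $Matches[2].Trim()
        $name = $Matches[1].Trim() -replace ' ', '_'
        $inProtectors = ($name -eq 'Key_Protectors')
        if ($fields -contains $name) { $vol[$name] = $value }
    } elseif ($vol -and $inProtectors -and $line.Trim()) {
        $vol['Key_Protectors'] = (@($vol['Key_Protectors'], $line.Trim()) |
            Where-Object { $_ }) -join ', '
    }
}

# One instance per volume, keyed on Drive; hardware inventory picks these up.
foreach ($v in $volumes) {
    [void](Set-WmiInstance -Namespace $ns -Class $className -Arguments $v)
}
```

A machine that reports Protection_Status as anything other than "Protection On", or whose ScriptLastRan value is stale, is the one to follow up on in your reports.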

Sherry Kissinger is an App Systems Engineer with Wells Fargo. She has been working with SMS since version 2.0. She participates in Microsoft newsgroups, forums on and the mailing list. She also specializes in automating software deployment using Windows Installer, Transforms, and vbscripting. She also answers questions posed to the ""

1 Comment

  1. Hey, this is sweet, but we’re trying to implement something exactly like this in an SCCM 2012 environment and I wondered if you had any help or info on doing that?