Last active
September 26, 2024 18:23
-
-
Save dotps1/1c6eb06e6805de3fa5d0edf46706a967 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Gets the current status of BitLocker. | |
| .DESCRIPTION | |
| Tests the current status of BitLocker Drive Encryption on an Encryptable Volume. Only returns true if the volume is fully encrypted and the protection status is on. | |
| .INPUTS | |
| System.String. | |
| .OUTPUTS | |
| System.Management.Automation.PSObject | |
| .PARAMETER ComputerName | |
| System to evaluate BitLocker against. | |
| .PARAMETER DriveLetter | |
| Drive letter to evaluate BitLocker against. if NullOrEmpty the default SystemDrive will be used. | |
| .EXAMPLE | |
| Get-BitLockerStatus | |
| .EXAMPLE | |
| Get-BitLockerStatus -ComputerName "mycomputer.mydomain.com" -DriveLetter C: | |
| .NOTES | |
| If no drive letter is specified, the default system drive will be used. | |
| The drive letter must be followed with a double colon. IE: "C:". | |
| .LINK | |
| http://msdn.microsoft.com/en-us/library/windows/desktop/aa376483%28v%20=%20vs.85%29.aspx | |
| .LINK | |
| http://dotps1.github.io | |
| #> | |
| Function Get-BitLockerStatus { | |
| [CmdletBinding()] | |
| [OutputType( | |
| [PSObject] | |
| )] | |
| Param ( | |
| [Parameter( | |
| ValueFromPipeline = $true | |
| )] | |
| [ValidateScript({ | |
| if (Test-Connection -ComputerName $_ -Quiet -Count 2){ | |
| $true | |
| } | |
| })] | |
| [String[]] | |
| $ComputerName = $env:COMPUTERNAME, | |
| [Parameter( | |
| HelpMessage = "Drive letter format must be letter followed by colon, 'C:'" | |
| )] | |
| [ValidatePattern( | |
| '[a-zA-Z]:' | |
| )] | |
| [String] | |
| $DriveLetter | |
| ) | |
| Process { | |
| foreach ($item in $ComputerName) { | |
| if (-not ($DriveLetter)) { | |
| try { | |
| $drive = Get-WmiObject Win32_OperatingSystem -Namespace 'root\CIMV2' -ComputerName $item -Property SystemDrive -ErrorAction Stop | |
| $volume = Get-WmiObject -Class Win32_EncryptableVolume -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' -Filter "DriveLetter = '$($drive.SystemDrive)'" -ComputerName $item -ErrorAction Stop | |
| } | |
| catch { | |
| throw $_ | |
| } | |
| } else { | |
| try { | |
| $volume = Get-WmiObject -Class Win32_EncryptableVolume -Namespace "root\CIMV2\Security\MicrosoftVolumeEncryption" -Filter "DriveLetter = '$DriveLetter'" -ComputerName $item -ErrorAction Stop | |
| if ($volume -eq $null) { | |
| throw "Failed to enumarate the Win32_EncryptableVolume Namespace for $DriveLetter. Please make sure the drive letter is correct and that the volume is accessable." | |
| } | |
| } catch { | |
| throw $_ | |
| } | |
| } | |
| switch ($volume.GetConversionStatus().ConversionStatus) { | |
| 0 { $state = 'FullyDecrypted' } | |
| 1 { $state = 'FullyEncrypted' } | |
| 2 { $state = 'EncryptionInProgress' } | |
| 3 { $state = 'DecryptionInProgress' } | |
| 4 { $state = 'EncryptionPaused' } | |
| 5 { $state = 'DecryptionPaused' } | |
| default { $state = 'Unknwon' } | |
| } | |
| if ($volume.GetProtectionStatus().ProtectionStatus -eq 0) { | |
| $protection = "ProtectionOff" | |
| } else { | |
| $protection = "ProtectionOn" | |
| } | |
| $bdeStatus = [HashTable] @{ | |
| 'PSComputerName' = $item | |
| 'Protection' = $protection | |
| 'State' = $state | |
| 'Percentage' = $volume.GetConversionStatus().EncryptionPercentage | |
| } | |
| Write-Output -InputObject $bdeStatus | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment