Reporting on Bitlocker encryption method

JTaylor0611 · November 19, 2019, 7:31pm

anyone have any luck with reporting on Bitlocker encryption method for example AES 128, AES 256, etc. I have attempted the following code from here but didn’t have much luck ……any help would be great

tuple string items (integer values of selects ("* from win32_EncryptableVolume") whose(name of it = “EncryptionMethod”) of WMIs “root\CIMv2\Security\MicrosoftVolumeEncryption”) of “N/A, AES 128 With Diffuser, AES 256 With Diffuser, AES 128, AES 256”

alinder · November 19, 2019, 7:34pm

What about this is not working for you? Can you paste the output of a QnA prompt?

JTaylor0611 · November 19, 2019, 7:35pm

this is my result when I try this on my current machine…

Q:tuple string items (integer values of selects ("* from win32_EncryptableVolume") whose(name of it = “EncryptionMethod”) of WMIs “root\CIMv2\Security\MicrosoftVolumeEncryption”) of "N/A, AES 128 With Diffuser, AES 256 With Diffuser, AES 128, AES 256"
T: 20.898 ms

alinder · November 19, 2019, 9:19pm

How about this?

selects ("* from win32_EncryptableVolume") of WMIs "root\CIMv2\Security\MicrosoftVolumeEncryption"

Have you tested it across your install base? When I was doing this in the field I would occasionally see weird computers that claimed that WMI namespace didn’t exist or things like that. For what it’s worth, here are those two relevance clauses against a VM I’m running:

q: selects ("* from win32_EncryptableVolume") whose(name of it = "EncryptionMethod") of WMIs "root\CIMv2\Security\MicrosoftVolumeEncryption"
A: EncryptionMethod=0
T: 24.330 ms
I: plural wmi select

q: tuple string items (integer values of selects ("* from win32_EncryptableVolume") whose(name of it = "EncryptionMethod") of WMIs "root\CIMv2\Security\MicrosoftVolumeEncryption") of "N/A, AES 128 With Diffuser, AES 256 With Diffuser, AES 128, AES 256"
A: N/A
T: 14.075 ms
I: plural string

Maybe you could start as simple as exists wmi and/or exists wmi "root\CIMv2\Security\MicrosoftVolumeEncryption"

JTaylor0611 · November 20, 2019, 12:04pm

thanks , this is what I ended up using…

string values of selects “EncryptionMethod from Win32_EncryptableVolume” of wmi “Root\CIMV2\Security\MicrosoftVolumeEncryption”

I appreciate the help

jackthrppr · December 26, 2019, 8:51pm

I am running a similar issue. I am using the same code, HOWEVER some machines are reporting the encryption method and some are not. The ones that are not reporting their encryption method are still reporting that they are encrypted though.