Bitlocker Enabled 1.0.0

any updates here for @twolcson request?

I got the same problem with the role detection...

Did you review this comment?

 

FWIW , I do this

 

 

and then I transfer/run this .ps1

 

# November 28, 2017 - TJY
# Generate a list of Bitlocker recovery keys and display them at the command prompt.
#

#Lift Powershell restriction
Set-ExecutionPolicy Unrestricted -Force

# Identify all the Bitlocker volumes.
$BitlockerVolumers = Get-BitLockerVolume

# For each volume, get the RecoveryPassowrd and display it.
$BitlockerVolumers |
    ForEach-Object {
        $MountPoint = $_.MountPoint 
        $RecoveryKey = [string]($_.KeyProtector).RecoveryPassword       
        if ($RecoveryKey.Length -gt 5) {
            Write-Output ("$MountPoint $RecoveryKey.")
        }        
    }

 

using a script like this against the search group. 

 

 

 

 

Now I have the recovery key on the device in an EDF. I am running it once every few days so if someone adds a drive or the recovery key changes for some reason I should have it.

 

On 6/28/2018 at 10:38 AM, mr.wallstrom said:

Edited 12/6/19, added detail to the pictures.

@fguiliano, sorry for the delay in answering here.

OK, if memory serves...  This basically just adds a role check into your automated role checks.  

You need to-

1. Create an EDF checkbox, and set the default value to UNchecked.
2. Create a "status check" script, that will change the EDF value to checked or unchecked, depending on whether the ROLE is detected...
3. Schedule this script to run on a GROUP.

NOTE:  A search based on this EDF,  can only be as accurate as the last times 

1. Inventory cycle was run on the agent template (you could either make inventory more frequent on agent template, OR you could add another script to your group to run more often, that just does a 'resend everything' on the group.  I found that I had to use resend Everything, to capture this role detection.)
2. Your status check script last ran  (if you plan to make changes, and then check up on those changes frequently, be sure to schedule this to run often.)

Once you install this package, the "role" detection is baked in, but pretty invisible.  I used this process to 'bring it to the front' where you could actually make use of it.  You can search for an EDF value, but it didn't show up as a role for me, under searches.

Pictures attached - ask away if you have any questions.  Excuse my mad artistic skills... 

In your System Dashboard-

Go to Config, Additional Field Defaults, Computers, Computer Role;

Here, you should see the new EDF, for BitlockerEnabled, as a yes/no, 1/0 valued checkbox.  (You should also be able to view the status on any given machine, by opening the machine's view, and going to the Automation, EDF, Computer Roles window.

Create yourself a SCRIPT, that looks like this.  What you see here is-

If ROLE DETECTED, "Bitlocker Enabled", then-

Set EDF "BitlockerEnabled", to = 1 (yes/checked box)

In the ELSE field on the bottom of the script, do the opposite, setting the EDF checkbox to = 0, or 'unchecked'.

Now, build yourself an Advanced Search, that you can use with GROUPS as an autojoin search.

Search for the details shown below - ROLE is true, Client name (if that matters to you, did to me,) and whether or not it's a Server (depending on your needs here.)

The search example below, was for a specific client, that only wanted to know about workstations.

Once you have the Search built, you can:

Manually run the search, and export to Excel, or-

Create a GROUP, and use this as an autojoin script, then-

Run any other commands or scripts against the entire group

All, I have edited my original picture post, to include a little more detail.  Let me know if this isn't enough, and I'll crack it open and try to improve some more.  Sorry for the delays!  You can see from the start of this thread, I was one of the early ones trying to sort this out, and Darren was a huge help.

Hi, I'm new here but I don't see an option to import this in my "Tools" section. Any ideas?