enable PSremoting on all laptops --best way is via GPO or any other way to do it?<\/p>\n<\/li>\n
I want to run this on a few hundreds laptops so I don’t want to manually enter my credentials<\/p>\n<\/li>\n<\/ol>\n
Function Get-OSCBitlockerStatus\n{\t\n\tparam\n\t(\n\t[Parameter(Mandatory = $False, Position = 0)]\n\t[String[]]$ComputerName,\n\t[Parameter(Mandatory = $False, Position = 1)]\n\t[String]$FilePath,\n\t[Parameter(Mandatory = $False, Position = 2)]\n\t[system.Management.Automation.PSCredential]$Credential\n\t)\n\t\n\tIf($ComputerName)\n\t{\n\t\tForeach($CN in $ComputerName)\n\t\t{\n\t\t\t\tGetStatus -ComputerName $CN\n\t\t}\n\t}\n\tElseIf($FilePath)\n\t{\n\t\t#Get content from the file \n\t\tIf(Test-Path -Path $FilePath)\n\t\t{\n\t\t\t$CNCol = Get-Content -Path $FilePath\n\t\t\tForeach($CN in $CNCol)\n\t\t\t{\n\t\t\t\t\tGetStatus -ComputerName $CN\n\t\t\t}\n\t\t}\n\t\tElse\n\t\t{\n\t\t\tWrite-Error \"Find the specified file.please try again.\"\n\t\t}\n\t}\n\tElse\n\t{\t\n\t\t\n\t\tTry\n\t\t{\n\t\t\tmanage-bde -cn $Env:COMPUTERNAME -status | select -Skip 2\n\t\t}\n\t\tCatch\n\t\t{\n\t\t\tWrite-Error \"Check if Bitlocker Drive Encryption is enabled.\"\n\t\t}\n\t}\n\t\n}\n<\/code><\/pre>\nFunction GetStatus($ComputerName)\n{\n\t#Script block\n\t$Scope = { manage-bde -cn $Env:COMPUTERNAME -status }\n\tTry\n\t{\n\t\t#Invoke command to remoted computer\n\t\t$Obj = Invoke-Command -ComputerName $ComputerName -Credential $Credential dc1\\tester -ScriptBlock $Scope\n\t\t$Obj | select -First ($Obj.length-1) | select -Skip 3\n\t}\n\tCatch \n\t{\n\t Write-Error $_ \n\t}\n\tWrite-Host \n}\n<\/code><\/pre>\nthen I run this in powershell console:<\/p>\n
Get-OSCBitlockerStatus -FilePath “C:\\computers.txt” -Credential $cre<\/p>","upvoteCount":3,"answerCount":4,"datePublished":"2015-07-21T17:20:55.000Z","author":{"@type":"Person","name":"ginger6412","url":"https://community.spiceworks.com/u/ginger6412"},"acceptedAnswer":{"@type":"Answer","text":"
\n- enable PSremoting on all laptops --best way is via GPO or any other way to do it?<\/li>\n<\/ol>\n
If you are dealing with domain computer, then yes, GPO is the way to go<\/p>\n
\n- I want to run this on a few hundreds laptops so I don’t want to manually enter my credentials<\/li>\n<\/ol>\n
Change this:<\/p>\n
[system.Management.Automation.PSCredential]$Credential\n<\/code><\/pre>\nto this:<\/p>\n
[system.Management.Automation.CredentialAttribute()]$Credential\n<\/code><\/pre>\nAlso, your invoke-command line has a typo:<\/p>\n
$Obj = Invoke-Command -ComputerName $ComputerName -Credential $Credential -ScriptBlock $Scope\n<\/code><\/pre>\nSo all that aside, manage-bde has a -cn parameter for remote computers, so Invoke-Command may not be necessary.<\/p>","upvoteCount":1,"datePublished":"2015-07-21T17:41:09.000Z","url":"https://community.spiceworks.com/t/powershell-to-pull-bitlocker-encryption-status/421244/2","author":{"@type":"Person","name":"mattmcnabb","url":"https://community.spiceworks.com/u/mattmcnabb"}},"suggestedAnswer":[{"@type":"Answer","text":"
I found two scripts to get BitLocker Encryption status but my challenging are<\/p>\n
\n- \n
enable PSremoting on all laptops --best way is via GPO or any other way to do it?<\/p>\n<\/li>\n
- \n
I want to run this on a few hundreds laptops so I don’t want to manually enter my credentials<\/p>\n<\/li>\n<\/ol>\n
Function Get-OSCBitlockerStatus\n{\t\n\tparam\n\t(\n\t[Parameter(Mandatory = $False, Position = 0)]\n\t[String[]]$ComputerName,\n\t[Parameter(Mandatory = $False, Position = 1)]\n\t[String]$FilePath,\n\t[Parameter(Mandatory = $False, Position = 2)]\n\t[system.Management.Automation.PSCredential]$Credential\n\t)\n\t\n\tIf($ComputerName)\n\t{\n\t\tForeach($CN in $ComputerName)\n\t\t{\n\t\t\t\tGetStatus -ComputerName $CN\n\t\t}\n\t}\n\tElseIf($FilePath)\n\t{\n\t\t#Get content from the file \n\t\tIf(Test-Path -Path $FilePath)\n\t\t{\n\t\t\t$CNCol = Get-Content -Path $FilePath\n\t\t\tForeach($CN in $CNCol)\n\t\t\t{\n\t\t\t\t\tGetStatus -ComputerName $CN\n\t\t\t}\n\t\t}\n\t\tElse\n\t\t{\n\t\t\tWrite-Error \"Find the specified file.please try again.\"\n\t\t}\n\t}\n\tElse\n\t{\t\n\t\t\n\t\tTry\n\t\t{\n\t\t\tmanage-bde -cn $Env:COMPUTERNAME -status | select -Skip 2\n\t\t}\n\t\tCatch\n\t\t{\n\t\t\tWrite-Error \"Check if Bitlocker Drive Encryption is enabled.\"\n\t\t}\n\t}\n\t\n}\n<\/code><\/pre>\nFunction GetStatus($ComputerName)\n{\n\t#Script block\n\t$Scope = { manage-bde -cn $Env:COMPUTERNAME -status }\n\tTry\n\t{\n\t\t#Invoke command to remoted computer\n\t\t$Obj = Invoke-Command -ComputerName $ComputerName -Credential $Credential dc1\\tester -ScriptBlock $Scope\n\t\t$Obj | select -First ($Obj.length-1) | select -Skip 3\n\t}\n\tCatch \n\t{\n\t Write-Error $_ \n\t}\n\tWrite-Host \n}\n<\/code><\/pre>\nthen I run this in powershell console:<\/p>\n
Get-OSCBitlockerStatus -FilePath “C:\\computers.txt” -Credential $cre<\/p>","upvoteCount":3,"datePublished":"2015-07-21T17:20:55.000Z","url":"https://community.spiceworks.com/t/powershell-to-pull-bitlocker-encryption-status/421244/1","author":{"@type":"Person","name":"ginger6412","url":"https://community.spiceworks.com/u/ginger6412"}},{"@type":"Answer","text":"
thank you for the reply. Actually I found this two scripts . I have to run twice of these two scripts.<\/p>\n
I want to export the result to a spread sheet.<\/p>\n
I will try the changes.<\/p>","upvoteCount":0,"datePublished":"2015-07-21T19:08:27.000Z","url":"https://community.spiceworks.com/t/powershell-to-pull-bitlocker-encryption-status/421244/3","author":{"@type":"Person","name":"ginger6412","url":"https://community.spiceworks.com/u/ginger6412"}},{"@type":"Answer","text":"
Hi, All:<\/p>\n
Is it possible to have powershell to show the Bitlocker Recovery detail?<\/p>\n
Mgmt would like is to have a weekly/monthly report on all the laptops and their bitlocker recovery detail sent to our help desk. That way we can make sure which laptop is missing the bitlocker or recovery password information in AD.<\/p>\n
I found this script , looks working but only for one PC, not for multiple remote PCs.<\/p>\n
[cmdletBinding()]\nParam(\n [Parameter(Mandatory=$false,ValueFromPipeLine=$false)]\n [ValidateSet(\"Alltypes\",\"TPM\",\"ExternalKey\",\"NumericPassword\",\"TPMAndPin\",\"TPMAndStartUpdKey\",\"TPMAndPinAndStartUpKey\",\"PublicKey\",\"PassPhrase\",\"TpmCertificate\",\"SID\")]\n $KeyProtectorType\n)\n \n $BitLocker = Get-WmiObject -Namespace \"Root\\cimv2\\Security\\MicrosoftVolumeEncryption\" -Class \"Win32_EncryptableVolume\"\n \n \n \n switch ($KeyProtectorType){\n (\"Alltypes\") {$Value = \"0\"}\n (\"TPM\") {$Value = \"1\"}\n (\"ExternalKey\") {$Value = \"2\"}\n (\"NumericPassword\") {$Value = \"3\"}\n (\"TPMAndPin\") {$Value = \"4\"}\n (\"TPMAndStartUpdKey\") {$Value = \"5\"}\n (\"TPMAndPinAndStartUpKey\") {$Value = \"6\"}\n (\"PublicKey\") {$Value = \"7\"}\n (\"PassPhrase\") {$Value = \"8\"}\n (\"TpmCertificate\") {$Value = \"9\"}\n (\"SID\") {$Value = \"10\"}\n default {$Value = \"0\"}\n \n}\n $Ids = $BitLocker.GetKeyProtectors($Value).volumekeyprotectorID\n return $ids\n }\n<\/code><\/pre>","upvoteCount":0,"datePublished":"2015-07-23T20:57:37.000Z","url":"https://community.spiceworks.com/t/powershell-to-pull-bitlocker-encryption-status/421244/4","author":{"@type":"Person","name":"ginger6412","url":"https://community.spiceworks.com/u/ginger6412"}}]}}
