Run Manage-BDE -Status across Domain.

austinthome · 2018-06-05T15:15:06.000Z

Trying to run a report in Powershell that will ping all reachable computers in AD and fetch their encryption status.

I can use the following to get the encryption status of my own machine: “manage-bde -status -computername ”. So I want to basically replicate this automatically across all computers in the domain. Any ideas?

Neally · 2018-06-05T17:44:27.000Z

Do you have AD or a list of all computers? You can just run a foreach script for that.

$computers = #either AD or import a list
foreach($Computer in $computer){
    manage-bde -status -computername $computer
}

Also you could invoke it, not sure what’s ‘better’

$computers = #either AD or import a list
foreach($Computer in $computer){
    invoke-command -computername $computer -scriptblock {    
        manage-bde -status
    }
}

DoctorDNS · 2018-06-05T19:12:31.000Z

What have you tried so far?

austinthome · 2018-06-08T13:41:38.000Z

All, thanks for the replies. I actually found a script for this elsewhere, which I’ll post here

Function Get-BitlockerInfo()
<#
.SYNOPSIS
Retrieves Bitlocker Encryption information.
.DESCRIPTION
Retrieves Bitlocker Encryption information from Multiple computers.
.PARAMETER Machinelist
File name and path of the file contains machine information.
.B.N.E
Bit-locker Not Enabled
.EXAMPLE
Get-BitlockerInfo -Machinelist C:\Users\athome.TSYSTEM\Documents\computers.txt -LogfileName C:\Users\athome.TSYSTEM\Documents\Bitlocker1.csv
.CREATED BY
Jijo Chacko,jijochacko2005@gmail.com
#>
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)][string]$Machinelist,
[Parameter(Mandatory=$True)] [String]$LogfileName
)
Clear-Host
$machines=Get-Content -Path $Machinelist
$Bitlockerforprint=@()
Foreach($Computer in $Machines)
{
$ping = Test-Connection $Computer -Count 1 -ErrorAction SilentlyContinue
if ($ping.statuscode -eq 0)
{
Try
{
$EncryptionStatus=Manage-bde -computername $Computer -status C:
$Size=$EncryptionStatus|Where-Object{$_ -like ‘Size:’}
If ($size -ne $null)
{
$Newsize=$size.Substring(26)
}
Else
{
$Newsize=“B.N.E”

}
$Conversionstatus=$EncryptionStatus|Where-Object{$_ -like ‘Conversion Status:’}
If ($Conversionstatus -ne $null)
{
$newConversionstatus=$Conversionstatus.Substring(26)
}
Else
{
$newConversionstatus=“B.N.E”

}
$Percentage=$EncryptionStatus|Where-Object{$_ -like ‘Percentage Encrypted:’}
If ($Percentage -ne $null)
{
$newpercentage=$Percentage.Substring(26)
}
Else
{
$newpercentage=“B.N.E”

}
$Protectionstatus=$EncryptionStatus|Where-Object{$_ -like ‘Protection Status:’}
If ($Protectionstatus -ne $null)
{
$newprotectionstatus=$Protectionstatus.Substring(26)
}
Else
{
$newprotectionstatus =“B.N.E”

}

$details=New-object psobject
$details|Add-Member -Type NoteProperty -Name “Computer Name” -Value $Computer
$details|Add-Member -Type NoteProperty -Name Size -Value $Newsize
$details|Add-Member -Type NoteProperty -Name “Percentage Completed” -Value $newpercentage
$details|Add-Member -Type NoteProperty -Name “Protection Status” -Value $newprotectionstatus
$details|Add-Member -Type NoteProperty -Name “Conversion Status” -Value $newConversionstatus
$Bitlockerforprint += $details
$Newsize= $null
$newpercentage = $null
$newprotectionstatus = $null
$newConversionstatus = $null

}
Catch
{
Write-Host ($_.Exception.Message) -ForegroundColor Red
}
}
Else
{
Write-Warning "Destination Host Unreachable $Computer "
}
}
$Bitlockerforprint|Select-Object “Computer Name”,Size,“Percentage Completed”,“Conversion Status”,“Protection Status”|format-table -AutoSize
$Bitlockerforprint|Select-Object “Computer Name”,Size,“Percentage Completed”,“Conversion Status”,“Protection Status”|Export-Csv $LogfileName -force -encoding “unicode” -NoClobber
}