We have been enabling Bitlocker using the MS Script which updates AD with the Key and Owner Information. In an effort to see which machines have been bitlockered I was asked to come up with an process to do this. Being a sys admin ofcourse I looked for an automated way to complete this as we always do (work smarter, not harder I like to say). The below script is mostly riped off another user but modified to work on my environment and add some “features” That were asked of me.<\/p>\n
First you are going to need to install the Quest Active directory Plugin for Powershell.. google it and install. Ofcourse you are going to need to change the settings to save the file where you want it to, and remove the fields you dont want.<\/p>\n
Bitlocker.ps1<\/p>\n
[code]<\/p>\n
# Check if the Quest Snapin is loaded already, and load if not
\nif ( (Get-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue) -eq $null )
\n{
\n\u00a0Add-PSSnapin Quest.ActiveRoles.ADManagement
\n}
\n\u00a0
\n#Custom variables
\n$CsvFilePath = “Q:BitLockerComputerReport.csv”<\/p>\n
#Checks if File is already there, if so deleteds. did this just to be clean
\nif (Test-Path $CsvFilePath)
\n\u00a0\u00a0\u00a0 {
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Remove-Item $CsvFilePath -recurse
\n\u00a0\u00a0\u00a0 }
\n\u00a0\u00a0\u00a0
\n#Export computers Bitlocker-enabled status to a CSV-file
\n$BitLockerEnabled = Get-QADObject -SizeLimit 0 -IncludedProperties Name,ParentContainer | Where-Object {$_.type -eq “msFVE-RecoveryInformation”} | Foreach-Object {Split-Path -Path $_.ParentContainer -Leaf} | Select-Object -Unique
\n$computers = Get-QADComputer -SizeLimit 0 -IncludedProperties Name,OperatingSystem,Location,adminDescription,msTPM-OwnerInformation | Where-Object {$_.operatingsystem -like “Windows 7*” -or $_.operatingsystem -like “Windows Vista*” -or $_.operatingsystem -like “Windows XP*”}\u00a0 | Sort-Object Name
\n\u00a0
\n#Create array to hold computer information
\n$export = @()
\n\u00a0
\n\u00a0foreach ($computer in $computers)
\n\u00a0 \u00a0{
\n\u00a0\u00a0 \u00a0#Create custom object for each computer
\n\u00a0$computerobj = New-Object -TypeName psobject
\n\u00a0\u00a0\u00a0\u00a0
\n\u00a0\u00a0\u00a0 \u00a0#Add name and operatingsystem, Location and adminValue to custom object
\n\u00a0\u00a0\u00a0 \u00a0$computerobj | Add-Member -MemberType NoteProperty -Name Name -Value $computer.Name
\n\u00a0\u00a0\u00a0 \u00a0$computerobj | Add-Member -MemberType NoteProperty -Name OperatingSystem -Value $computer.operatingsystem
\n\u00a0\u00a0\u00a0 \u00a0$computerobj | Add-Member -MemberType NoteProperty -Name Location -Value $computer.location
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 #check if Virtual is in the adminDescription Field
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if ($computer.adminDescription -match “Virtual”)
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 {
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $computerobj | Add-Member -MemberType NoteProperty -Name adminDescription -Value $computer.adminDescription
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 #If not add physical to CSV file so we can graph it out on sharepoint
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 else
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 {
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $computerobj | Add-Member -MemberType NoteProperty -Name adminDescription -Value “physical”
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0
\n\u00a0\u00a0\u00a0 \u00a0#Set HasBitlockerRecoveryKey to true or false, based on matching against the computer-collection with BitLocker recovery information
\n\u00a0\u00a0\u00a0 \u00a0if ($computer.name -match (‘(‘ + [string]::Join(‘)|(‘, $bitlockerenabled) + ‘)’))
\n\u00a0\u00a0\u00a0\u00a0 {
\n\u00a0\u00a0\u00a0 \u00a0\u00a0$computerobj | Add-Member -MemberType NoteProperty -Name HasBitlockerRecoveryKey -Value $true
\n\u00a0\u00a0\u00a0 \u00a0}
\n\u00a0\u00a0\u00a0 \u00a0else
\n\u00a0\u00a0\u00a0 \u00a0{
\n\u00a0\u00a0\u00a0 \u00a0\u00a0$computerobj | Add-Member -MemberType NoteProperty -Name HasBitlockerRecoveryKey -Value $false
\n\u00a0\u00a0\u00a0 \u00a0}
\n\u00a0\u00a0\u00a0\u00a0
\n\u00a0\u00a0\u00a0\u00a0
\n\u00a0#Add the computer object to the array with computer information
\n\u00a0$export += $computerobj
\n\u00a0
\n\u00a0 \u00a0}
\n\u00a0
\n#Export the array with computerinformation to the user-specified path
\n$export | Export-Csv -Path $CsvFilePath -NoTypeInformation<\/p>\n
[\/code]<\/p>\n
<\/p>\n
Next post (part 2) I will show how I then took this list and uploaded it to a SharePoint List for using with Fusion Charts, remember the “working smarter not harder” saying because the boss wanted sorting done on the above csv, and colors, and graphs so soon after the above was finished i found myself spending many minutes making it pretty.<\/p>\n","protected":false},"excerpt":{"rendered":"
We have been enabling Bitlocker using the MS Script which updates AD with the Key and Owner Information. In an effort to see which machines have been bitlockered I was asked to come up with an process to do this. Being a sys admin ofcourse I looked for an automated… Continue reading