[ale] How would you ....

Raj Wurttemberg rajaw at c64.us
Fri Apr 30 07:11:37 EDT 2021


I would probably use Ansible to report on hundreds of systems, it is cross
platform and agentless.

For Windows, you just need to run the command (Administrator level account),
"manage-bde -status".  It comes back with a nice report like this:

'''
Volume C: [OS]
[OS Volume]

    Size:                 243.58 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:       None Found
'''

Or with PowerShell...  (output can be JSON if needed with "
Get-BitLockerVolume | convertto-json")

'''
PS C:\WINDOWS\system32> Get-BitLockerVolume


   ComputerName: XXXXXXX

VolumeType      Mount CapacityGB VolumeStatus           Encryption
KeyProtector              AutoUnlock Protection
                Point                                   Percentage
Enabled    Status
----------      ----- ---------- ------------           ----------
------------              ---------- ----------
Data            E:      2,048.00 FullyDecrypted         0          {}
Off
Data            F:      2,560.00 FullyDecrypted         0          {}
Off
Data            G:        979.37 FullyDecrypted         0          {}
Off
OperatingSystem C:        243.58 FullyDecrypted         0          {}
Off
Data            D:        232.80 FullyDecrypted         0          {}
Off
'''

/Raj

> -----Original Message-----
> From: Ale <ale-bounces at ale.org> On Behalf Of DJ-Pfulio via Ale
> Sent: Thursday, April 29, 2021 11:10 PM
> To: Atlanta Linux Enthusiasts <ale at ale.org>
> Cc: DJ-Pfulio <DJPfulio at jdpfu.com>
> Subject: [ale] How would you ....
> 
> run a report against thousands of workstations to ensure they all use
> encrypted storage. Call it a HIPPA requirement and reporting is just as
> important as actually having the encryption deployed.
> 
> Assume Windows and Linux workstations - but linux-only is fine too.
> F/LOSS preferred for the solution.
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo



More information about the Ale mailing list