<html><head></head><body>Nice.<br><br>I was going to suggest a linux-based pxe boot that auto runs dd if=/dev/random of=/dev/sd[[:alpha:]] to ensure the drives are encrypted. Windows admins don't let me get near their systems any more. <br><br>Fuzzy memory. There's a tool I used many years ago for pulling data like this from windows systems in a large corp environment using a shared AD password. Network tool on Linux that connected to a port.... auth happens.... request variable values... something. I used it to pull names and versions of all install software but it could pull anything known by the windows box. Dang. Can't remember the tool name. I'll look.<br><br><div class="gmail_quote">On April 30, 2021 7:11:37 AM EDT, Raj Wurttemberg via Ale <ale@ale.org> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">I would probably use Ansible to report on hundreds of systems, it is cross<br>platform and agentless.<br><br>For Windows, you just need to run the command (Administrator level account),<br>"manage-bde -status". It comes back with a nice report like this:<br><br>'''<br>Volume C: [OS]<br>[OS Volume]<br><br> Size: 243.58 GB<br> BitLocker Version: None<br> Conversion Status: Fully Decrypted<br> Percentage Encrypted: 0.0%<br> Encryption Method: None<br> Protection Status: Protection Off<br> Lock Status: Unlocked<br> Identification Field: None<br> Key Protectors: None Found<br>'''<br><br>Or with PowerShell... (output can be JSON if needed with "<br>Get-BitLockerVolume | convertto-json")<br><br>'''<br>PS C:\WINDOWS\system32> Get-BitLockerVolume<br><br><br> ComputerName: XXXXXXX<br><br>VolumeType Mount CapacityGB VolumeStatus Encryption<br>KeyProtector AutoUnlock Protection<br> Point Percentage<br>Enabled Status<br>---------- ----- ---------- ------------ ----------<br>------------ ---------- ----------<br>Data E: 2,048.00 FullyDecrypted 0 {}<br>Off<br>Data F: 2,560.00 FullyDecrypted 0 {}<br>Off<br>Data G: 979.37 FullyDecrypted 0 {}<br>Off<br>OperatingSystem C: 243.58 FullyDecrypted 0 {}<br>Off<br>Data D: 232.80 FullyDecrypted 0 {}<br>Off<br>'''<br><br>/Raj<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">-----Original Message-----<br>From: Ale <ale-bounces@ale.org> On Behalf Of DJ-Pfulio via Ale<br>Sent: Thursday, April 29, 2021 11:10 PM<br>To: Atlanta Linux Enthusiasts <ale@ale.org><br>Cc: DJ-Pfulio <DJPfulio@jdpfu.com><br>Subject: [ale] How would you ....<br><br>run a report against thousands of workstations to ensure they all use<br>encrypted storage. Call it a HIPPA requirement and reporting is just as<br>important as actually having the encryption deployed.<br><br>Assume Windows and Linux workstations - but linux-only is fine too.<br>F/LOSS preferred for the solution.<hr>Ale mailing list<br>Ale@ale.org<br><a href="https://mail.ale.org/mailman/listinfo/ale">https://mail.ale.org/mailman/listinfo/ale</a><br>See JOBS, ANNOUNCE and SCHOOLS lists at<br><a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br></blockquote><hr>Ale mailing list<br>Ale@ale.org<br><a href="https://mail.ale.org/mailman/listinfo/ale">https://mail.ale.org/mailman/listinfo/ale</a><br>See JOBS, ANNOUNCE and SCHOOLS lists at<br><a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br></pre></blockquote></div><br>-- <br>Computers amplify human error<br>Super computers are really cool</body></html>