How to get some information on Bitlocker using VBScript and WMI?

Posted by on Sep 28, 2010 in VBScript, WMI | 6 comments

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume",,48)

Dim arEncryptionMethod
arEncryptionMethod = Array("None", "AES 128 With Diffuser", "AES 256 With Diffuser", "AES 128", "AES 256")

Dim arProtectionStatus
arProtectionStatus = Array("Protection Off", "Protection On", "Protection Unknown")

Dim arConversionStatus
arConversionStatus = Array("Fully Decrypted", "Fully Encrypted", "Encryption In Progress", "Decryption In Progress", "Encryption Paused", "Decryption Paused")

Dim arLockStatus
arLockStatus = Array("Unlocked", "Locked")

For Each objItem in colItems
  Dim EncryptionMethod
  Dim ProtectionStatus
  Dim ConversionStatus
  Dim EncryptionPercentage 'Percentage of the volume that is encrypted
  Dim VolumeKeyProtectorID
  Dim LockStatus

  objItem.GetEncryptionMethod EncryptionMethod
  objItem.GetProtectionStatus ProtectionStatus
  objItem.GetConversionStatus ConversionStatus, EncryptionPercentage
  objItem.GetKeyProtectors 0,VolumeKeyProtectorID
  objItem.GetLockStatus LockStatus

  WScript.Echo "DeviceID: " & objItem.DeviceID
  Wscript.Echo "DriveLetter: " & objItem.DriveLetter
  Wscript.Echo "EncryptionMethod: " & arEncryptionMethod(EncryptionMethod)
  Wscript.Echo "ProtectionStatus: " & arProtectionStatus(ProtectionStatus)
  Wscript.Echo "ConversionStatus: " & arConversionStatus(ConversionStatus)
  Wscript.Echo "EncryptionPercentage: " & EncryptionPercentage & "%"
  Wscript.Echo "LockStatus: " & arLockStatus(LockStatus)

  For Each objId in VolumeKeyProtectorID
    Dim VolumeKeyProtectorFriendlyName
    objItem.GetKeyProtectorFriendlyName objId, VolumeKeyProtectorFriendlyName
    If VolumeKeyProtectorFriendlyName <> "" Then
      Wscript.Echo "KeyProtectors: " & VolumeKeyProtectorFriendlyName
    End If
  Next
Next

Documentation for functions, methods and properties used in this post:

6 Comments

  1. nice article, keep the posts coming

  2. Wow…it looks SO different from the exact same text posted in MSDN….

  3. Seems to be the same. Because its the same author… me!

  4. the VolumeKeyProtectorFriendlyName didn’t work for me, result was always empty… thats why i used the keyprotector. to get that info, add the following lines:

    Dim arProtectorType
    arProtectorType = Array(“Unknown”, “TPM only”, “External key”, “Numerical password”, “TPM and PIN”, “TPM and Startup Key”, “TPM and PIN and Startup Key”, “Public Key”, “Passphrase”)

    objItem.GetKeyProtectors ,ProtCol
    for Each KeyProtector in ProtCol
    objItem.GetKeyProtectorType KeyProtector,ProtectorType
    ProtectorType = arProtectorType(ProtectorType) ‘overwriting, because only the last protector object ist the active protector
    next
    wscript.echo arProtectionStatus(ProtectionStatus)

  5. @Johnny Braun
    last line was wrong:
    wscript.echo arProtectorType(ProtectorType)

  6. @Johnny Braun
    Servus…

    I don’t know where you got that from:

    ProtectorType = arProtectorType(ProtectorType) ‘overwriting, because only the last protector object ist the active protector

    but, Technet says: “The GetKeyProtectors method of the Win32_EncryptableVolume class lists the protectors used to secure the volume’s encryption key”. So you just need to replace the GetKeyProtectorFriendlyName section with parts of your code. The complete script would look like this:

    strComputer = "." 
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption")  
    Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume",,48)  
       
    Dim arEncryptionMethod  
    arEncryptionMethod = Array("None", "AES 128 With Diffuser", "AES 256 With Diffuser", "AES 128", "AES 256")  
       
    Dim arProtectionStatus  
    arProtectionStatus = Array("Protection Off", "Protection On", "Protection Unknown")  
       
    Dim arConversionStatus  
    arConversionStatus = Array("Fully Decrypted", "Fully Encrypted", "Encryption In Progress", "Decryption In Progress", "Encryption Paused", "Decryption Paused")  
       
    Dim arLockStatus  
    arLockStatus = Array("Unlocked", "Locked")  
    
    Dim arProtectorType
    arProtectorType = Array("Unknown", "TPM only", "External key", "Numerical password", "TPM and PIN", "TPM and Startup Key", "TPM and PIN and Startup Key", "Public Key", "Passphrase")
    
       
    For Each objItem in colItems  
      Dim EncryptionMethod  
      Dim ProtectionStatus  
      Dim ConversionStatus  
      Dim EncryptionPercentage 'Percentage of the volume that is encrypted  
      Dim VolumeKeyProtectorID  
      Dim LockStatus  
       
      objItem.GetEncryptionMethod EncryptionMethod  
      objItem.GetProtectionStatus ProtectionStatus  
      objItem.GetConversionStatus ConversionStatus, EncryptionPercentage  
      objItem.GetKeyProtectors 0,VolumeKeyProtectorID  
      objItem.GetLockStatus LockStatus  
       
      WScript.Echo "DeviceID: " & objItem.DeviceID  
      Wscript.Echo "DriveLetter: " & objItem.DriveLetter  
      Wscript.Echo "EncryptionMethod: " & arEncryptionMethod(EncryptionMethod)  
      Wscript.Echo "ProtectionStatus: " & arProtectionStatus(ProtectionStatus)  
      Wscript.Echo "ConversionStatus: " & arConversionStatus(ConversionStatus)  
      Wscript.Echo "EncryptionPercentage: " & EncryptionPercentage & "%" 
      Wscript.Echo "LockStatus: " & arLockStatus(LockStatus)  
      
      For Each objId in VolumeKeyProtectorID
        Dim ProtectorType
        objItem.GetKeyProtectorType objId, ProtectorType
        Wscript.Echo "KeyProtectors by ProtectorType: " & arProtectorType(ProtectorType)
        
        Dim VolumeKeyProtectorFriendlyName  
        objItem.GetKeyProtectorFriendlyName objId, VolumeKeyProtectorFriendlyName  
        If VolumeKeyProtectorFriendlyName <> "" Then 
          Wscript.Echo "KeyProtectors by FriendlyName: " & VolumeKeyProtectorFriendlyName  
        End If 
      Next 
    Next 
    

    Output should be something like this:

    DriveLetter: C:
    EncryptionMethod: AES 128 With Diffuser
    ProtectionStatus: Protection On
    ConversionStatus: Fully Encrypted
    EncryptionPercentage: 100%
    LockStatus: Unlocked
    KeyProtectors by ProtectorType: TPM and PIN
    KeyProtectors by FriendlyName: TPMAndPin
    KeyProtectors by ProtectorType: Numerical password
    KeyProtectors by FriendlyName: DiskPassword
    

    See http://technet.microsoft.com/en-us/library/aa376441(v=vs.85).aspx for details on GetKeyProtectors method.

Trackbacks/Pingbacks

  1. How to access WMI namespaces on remote computers that require encryption? « Norman Bauer - [...] How to get some information on Bitlocker using VBScript and WMI? [...]
  2. Bitlocker ansteuern - Delphi-PRAXiS - […] […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha: * Time limit is exhausted. Please reload CAPTCHA.