[ale] How would you ....
Raj Wurttemberg
rajaw at c64.us
Fri Apr 30 07:11:37 EDT 2021
I would probably use Ansible to report on hundreds of systems, it is cross
platform and agentless.
For Windows, you just need to run the command (Administrator level account),
"manage-bde -status". It comes back with a nice report like this:
'''
Volume C: [OS]
[OS Volume]
Size: 243.58 GB
BitLocker Version: None
Conversion Status: Fully Decrypted
Percentage Encrypted: 0.0%
Encryption Method: None
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: None
Key Protectors: None Found
'''
Or with PowerShell... (output can be JSON if needed with "
Get-BitLockerVolume | convertto-json")
'''
PS C:\WINDOWS\system32> Get-BitLockerVolume
ComputerName: XXXXXXX
VolumeType Mount CapacityGB VolumeStatus Encryption
KeyProtector AutoUnlock Protection
Point Percentage
Enabled Status
---------- ----- ---------- ------------ ----------
------------ ---------- ----------
Data E: 2,048.00 FullyDecrypted 0 {}
Off
Data F: 2,560.00 FullyDecrypted 0 {}
Off
Data G: 979.37 FullyDecrypted 0 {}
Off
OperatingSystem C: 243.58 FullyDecrypted 0 {}
Off
Data D: 232.80 FullyDecrypted 0 {}
Off
'''
/Raj
> -----Original Message-----
> From: Ale <ale-bounces at ale.org> On Behalf Of DJ-Pfulio via Ale
> Sent: Thursday, April 29, 2021 11:10 PM
> To: Atlanta Linux Enthusiasts <ale at ale.org>
> Cc: DJ-Pfulio <DJPfulio at jdpfu.com>
> Subject: [ale] How would you ....
>
> run a report against thousands of workstations to ensure they all use
> encrypted storage. Call it a HIPPA requirement and reporting is just as
> important as actually having the encryption deployed.
>
> Assume Windows and Linux workstations - but linux-only is fine too.
> F/LOSS preferred for the solution.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
More information about the Ale
mailing list