Automating the World

We have migrated servers, if you encounter any issues, please let us know on Slack, or post it.


We have also disabled registration as we migrate to the new forum systems. The slack (slack.labtechgeek.com) will always be accepting new users.
 
stephenmonk
Posts: 2
Joined: Tue Feb 02, 2016 8:12 pm
Current LT Agent Count: 200+

Re: TPM Status?

Mon Nov 14, 2016 2:05 pm

Any updates on this? I haven't had time to look into it...but would be good to get this script updated for multiple bitlocker keys.
 
Digital Carnage
Geek
Posts: 35
Joined: Fri Jul 18, 2014 2:46 pm
Current LT Agent Count: 1000+
Contact:

Re: TPM Status?

Mon Nov 14, 2016 3:31 pm

Sorry No update yet.
I have not had the time. we have been combating update issues for WUA.
I will see if i can get time next week to look in to the issues
 
Ross
Posts: 3
Joined: Mon Mar 31, 2014 5:07 am
Current LT Agent Count: 1500+

Re: TPM Status?

Mon Jan 23, 2017 10:54 am

This is awesome, really helped with bitlocker detection for me. Cheers for integrating the EDF creation.
I am running LT10 and rolling out to Windows 10.
We will be trying to use GPO to get bitlocker on the machines so that is the next thing.
One change made to the script to get it working just right which was to move the "line 10" Exit Script up to line 8.
Thanks for the great work
 
Wupsje
Geek
Posts: 33
Joined: Fri Jul 04, 2014 2:27 am
Current LT Agent Count: 1500+

Re: TPM Status?

Thu Jan 26, 2017 4:32 am

We've solved this by creating a role definition, a group and a search.

role definition:
{%@powershell.exe "Get-BitLockerVolume | Where ProtectionStatus -eq 'On' | Select-Object VolumeStatus"@%}
contains
Encrypted

Then a scheduled script (every so often) on the group which fills the EDF with the output of this powershell:
powershell.exe -NoLogo -Command "& {ForEach ($Volume in (Get-BitLockerVolume | Where {$_.ProtectionStatus -eq 'On'})) { Write-Output """$($Volume.MountPoint) - $($Volume.KeyProtector.recoverypassword)"""}}"

should output all bitlocker protected volumes (even USB sticks) with the recoverypassword (if applicable) in the EDF.
 
Digital Carnage
Geek
Posts: 35
Joined: Fri Jul 18, 2014 2:46 pm
Current LT Agent Count: 1000+
Contact:

Re: TPM Status?

Tue Feb 07, 2017 2:24 pm

Very nice.
 
dsinton44
Geek
Posts: 135
Joined: Wed Aug 14, 2013 11:33 am
Current LT Agent Count: 1500+
Location: Parsippany NJ
Contact:

Re: TPM Status?

Fri Feb 17, 2017 2:58 pm

looks good. i will have to try this out
 
dlh2009
Posts: 1
Joined: Sat Aug 13, 2016 8:40 am
Current LT Agent Count: 500+

Re: TPM Status?

Fri Mar 17, 2017 9:50 am

This script is exactly what I was looking for, and appears to be working flawlessly for us.

Thank you much!
 
absoblogginlutely!
Posts: 13
Joined: Thu Jun 13, 2013 10:48 am
Current LT Agent Count: 3000+

Re: TPM Status?

Tue Apr 25, 2017 2:45 pm

For those of you running the original script, we found that the manage-bde | select-string "Protection On" will give you a false positive as Labtech runs the command with quotes around it, so it actually stops after Select-string. This generates an invalid command and echoes the rest with Protection On. As the next line checks for the word On, every single computer now has TPM on according to the logic.
Solved by making the text manage-bde | select-string 'Protection On'
in single quotes.
 
Digital Carnage
Geek
Posts: 35
Joined: Fri Jul 18, 2014 2:46 pm
Current LT Agent Count: 1000+
Contact:

Re: TPM Status?

Wed May 31, 2017 10:14 am

Awesome. We did not see this same behavior but I will change it anyway.
Thanks for the input.
 
starbucksgold
Geek
Posts: 535
Joined: Tue Jun 04, 2013 2:25 pm
Current LT Agent Count: 500+
Location: Pensacola, FL
Contact:

Re: TPM Status?

Mon Sep 25, 2017 6:06 pm

Anyone have a functional version of this script they care to share that works with Windows 7 through Windows 10 OSes?