Manage BitLocker and TPM Inventory with Quest SMA

Monitor BitLocker and TPM status in Quest SMA (KACE Systems Management Appliance) with custom software inventory, labels, encryption status checks and workstation reporting.

Useful external reference: Quest KACE resources.

Computer Status

TPM Chip

  • The computer's inventory can verify that the TPM chip is activated

On computers where no TPM chip is available, this information simply does not appear in the inventory.


BitLocker Status

  • The encryption status of the disk can also be identified (no encryption)
  • The encryption status of the disk can also be identified (encryption in progress)
  • The encryption status of the disk can also be identified (encryption OK)

Label Creation

Three labels can be created:

  • Computers with BitLocker activated (or in the process of encryption)
  • Computers without TPM chips
  • Computers without BitLocker but with a TPM chip
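The three encryption states shown in the inventory and the three labels above are simple to derive once the manage-bde output is parsed. The following is an added example, not code from the original page or from Quest: it classifies constructed manage-bde -status samples into "no encryption", "encryption in progress" and "encryption OK", then assigns each computer to one of the page's three labels given whether a TPM was reported. The field layout of the samples (Conversion Status, Percentage Encrypted, Key Protectors: None Found) is an assumption about manage-bde's text output, and the hostnames are constructed.

```python
"""Classify BitLocker / TPM state into the three SMA labels (added example).

Assumptions: manage-bde -status output with the fields shown in the constructed
samples below; "Key Protectors: None Found" marks a volume with no protectors.
"""
import re
from dataclasses import dataclass

# Label names exactly as described on the page
LABEL_BITLOCKER_ON = "Computers with BitLocker activated (or in the process of encryption)"
LABEL_NO_TPM = "Computers without TPM chips"
LABEL_TPM_NO_BITLOCKER = "Computers without BitLocker but with a TPM chip"

# Constructed samples of manage-bde -status output for one OS volume each
SAMPLE_ENCRYPTED = """\
Volume C: [Windows]
[OS Volume]

    Size:                 237.00 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Key Protectors:
        TPM
        Numerical Password
"""
SAMPLE_IN_PROGRESS = SAMPLE_ENCRYPTED.replace(
    "Fully Encrypted", "Encryption in Progress").replace("100.0%", "37.5%")
SAMPLE_NONE = """\
Volume C: [Windows]
[OS Volume]

    Size:                 237.00 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Key Protectors:       None Found
"""


@dataclass
class VolumeStatus:
    conversion: str   # e.g. "Fully Encrypted"
    percent: float    # 0.0 .. 100.0
    protectors: bool  # True when at least one key protector is listed


def parse_manage_bde_status(text: str) -> VolumeStatus:
    """Pull the three fields this classification needs out of -status output."""
    conv = re.search(r"Conversion Status:\s*(.+)", text)
    pct = re.search(r"Percentage Encrypted:\s*([\d.]+)%", text)
    prot = re.search(r"Key Protectors:[ \t]*(.*)", text)
    if not (conv and pct and prot):
        raise ValueError("unrecognised manage-bde output")
    has_protectors = "none found" not in prot.group(1).strip().lower()
    return VolumeStatus(conv.group(1).strip(), float(pct.group(1)), has_protectors)


def encryption_state(vs: VolumeStatus) -> str:
    """Map a volume to the three states the inventory screenshots distinguish.

    A volume being decrypted is reported as "no encryption": it is no longer
    protected, even though a percentage may still be shown.
    """
    c = vs.conversion.lower()
    if c == "fully encrypted":
        return "encryption OK"
    if c.startswith("encryption") and (0.0 < vs.percent < 100.0 or "paused" in c):
        return "encryption in progress"
    return "no encryption"


def assign_label(tpm_present: bool, state: str) -> str:
    """Place one computer into exactly one of the page's three labels."""
    if state != "no encryption":
        return LABEL_BITLOCKER_ON
    return LABEL_TPM_NO_BITLOCKER if tpm_present else LABEL_NO_TPM


def classify_fleet(inventory: list[tuple[str, bool, str]]) -> dict[str, list[str]]:
    """Group (hostname, tpm_present, manage-bde output) records by label for reporting."""
    report: dict[str, list[str]] = {LABEL_BITLOCKER_ON: [], LABEL_NO_TPM: [], LABEL_TPM_NO_BITLOCKER: []}
    for host, tpm, text in inventory:
        state = encryption_state(parse_manage_bde_status(text))
        report[assign_label(tpm, state)].append(host)
    return report


if __name__ == "__main__":
    # Constructed inventory: three workstations
    fleet = [("ws-01", True, SAMPLE_ENCRYPTED), ("ws-02", False, SAMPLE_NONE), ("ws-03", True, SAMPLE_NONE)]
    for label, hosts in classify_fleet(fleet).items():
        print(f"{label}: {', '.join(hosts) or '-'}")
```

The third label is the one worth acting on: only computers that report a TPM and no protectors are candidates for the activation distribution described later on the page.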

BitLocker Activation

A computer with the SMA agent installed and BitLocker activated is required for this step.

Software: Computers With BitLocker

An application will be created to identify computers with BitLocker.

  • In Software, create a new application
  • Add a custom rule
ShellCommandTextReturn(cmd.exe /c %windir%\sysnative\manage-bde.exe -protectors -get c:)
  • Then force inventory on the computers
  • All computers with BitLocker activated will be associated with this application

Software: BitLocker Activation

Script EnableBitlocker.cmd

rem Use the 64-bit manage-bde when the script runs from a 32-bit (WOW64) agent process
Set cmdmanageBDE=manage-bde.exe
if defined PROCESSOR_ARCHITEW6432 Set cmdmanageBDE=%windir%\Sysnative\manage-bde.exe

rem Add a TPM protector plus a numerical recovery password; manage-bde prints the
rem recovery password to standard output, so it must be escrowed (for example backed up
rem to Active Directory) before the encrypted computer is relied upon
%cmdmanageBDE% -protectors -add -tpm -recoverypassword c:
%cmdmanageBDE% -protectors -enable c:
rem Encrypt used space only and skip the hardware (reboot) test
%cmdmanageBDE% -on -usedspaceonly -skiphardwaretest C:
  • Associate the BitLocker activation script with the application just created
  • Create a new distribution
  • And use the activation script
  • Associate this distribution with a test computer (Computers without BitLocker but with a TPM chip)
  • Wait 1 to 2 minutes
  • Force inventory on the targeted computer and notice that encryption has started