Computer Status
TPM Chip
- The inventory of the computer can verify that the TPM chip is activated
On computers where no TPM chip is available, this information simply does not appear in the inventory
BitLocker Status
- The encryption status of the disk can also be identified, in one of three states: no encryption, encryption in progress, encryption OK
Label Creation
Three labels can be created:
- Computers with BitLocker activated (or in the process of encryption)
- Computers without TPM chips
- Computers without BitLocker but with a TPM chip
BitLocker Activation
A computer with the SMA agent installed plus BitLocker activated is required for this step
Software: Computers With BitLocker
An application will be created to identify computers with BitLocker
- In Software, create a new application
- Add a custom rule
ShellCommandTextReturn(cmd.exe /c %windir%\sysnative\manage-bde.exe -protectors -get c:)
- Then force inventory on the computers
- All computers with BitLocker activated will be associated with this application
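The three labels above are derived from two facts per computer: whether the inventory reports a TPM chip, and what state manage-bde reports for the OS volume. The following is an added example, not code from the original page or from the SMA product: it parses the "Conversion Status" line of a `manage-bde -status c:` report (the page's custom rule uses `-protectors -get c:` instead; using `-status` here is an assumption) and returns the labels a computer would fall into. The sample reports and computer names are constructed.

```python
"""Compute the three BitLocker inventory labels described above.

Added example: this is not code from the original page or from the SMA
product. A computer is modelled by the TPM flag an inventory reports and the
text that `manage-bde -status c:` prints. The sample outputs below are
constructed, modelled on manage-bde's "Conversion Status" line; the exact
field layout is an assumption, not captured from a real machine.
"""
import re
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class Label(Enum):
    BITLOCKER_ACTIVE = "Computers with BitLocker activated (or in the process of encryption)"
    NO_TPM = "Computers without TPM chips"
    TPM_NO_BITLOCKER = "Computers without BitLocker but with a TPM chip"


# Constructed sample reports for the three disk states the inventory distinguishes.
SAMPLE_NOT_ENCRYPTED = """\
Volume C: [Windows]
[OS Volume]

    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Protection Status:    Protection Off
"""

SAMPLE_IN_PROGRESS = """\
Volume C: [Windows]
[OS Volume]

    Conversion Status:    Encryption in Progress
    Percentage Encrypted: 37.4%
    Protection Status:    Protection Off
"""

SAMPLE_ENCRYPTED = """\
Volume C: [Windows]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection On
"""

# Conversion states that count as "BitLocker activated" for labelling purposes.
ACTIVE_STATES = {"Fully Encrypted", "Encryption in Progress"}


def conversion_status(manage_bde_output: str) -> Optional[str]:
    """Return the value of the 'Conversion Status' line, or None when it is
    absent (for example when manage-bde printed an error instead of a report)."""
    match = re.search(r"^\s*Conversion Status:\s*(.+?)\s*$", manage_bde_output, re.M)
    return match.group(1) if match else None


def bitlocker_active(manage_bde_output: str) -> bool:
    """True when the volume is fully encrypted or encryption is under way."""
    return conversion_status(manage_bde_output) in ACTIVE_STATES


def labels_for(tpm_present: bool, manage_bde_output: str) -> Set[Label]:
    """Labels are not mutually exclusive: a computer encrypted without a TPM
    gets both the BitLocker label and the no-TPM label."""
    labels: Set[Label] = set()
    active = bitlocker_active(manage_bde_output)
    if active:
        labels.add(Label.BITLOCKER_ACTIVE)
    if not tpm_present:
        labels.add(Label.NO_TPM)
    elif not active:
        labels.add(Label.TPM_NO_BITLOCKER)
    return labels


def build_labels(inventory: List[Tuple[str, bool, str]]) -> Dict[Label, List[str]]:
    """Group computer names by label, the way the three labels would."""
    groups: Dict[Label, List[str]] = {label: [] for label in Label}
    for name, tpm_present, output in inventory:
        for label in labels_for(tpm_present, output):
            groups[label].append(name)
    return groups


if __name__ == "__main__":
    # Constructed inventory: computer name, TPM present, manage-bde report text.
    fleet = [
        ("PC-01", True, SAMPLE_NOT_ENCRYPTED),
        ("PC-02", True, SAMPLE_IN_PROGRESS),
        ("PC-03", False, SAMPLE_ENCRYPTED),
        ("PC-04", False, "ERROR: constructed error text, no status report"),
    ]
    for label, names in build_labels(fleet).items():
        print(f"{label.value}: {names}")
```

A report that carries no "Conversion Status" line (an error message, a missing volume) is treated as "not encrypted", so such a computer ends up in the TPM-without-BitLocker label when a TPM is present and is therefore a candidate for the activation distribution described below rather than silently dropped.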
Software: BitLocker Activation
Script EnableBitlocker.cmd
rem Use the native 64-bit manage-bde when the 32-bit agent runs under WOW64
Set cmdmanageBDE=manage-bde.exe
if defined PROCESSOR_ARCHITEW6432 Set cmdmanageBDE=%windir%\Sysnative\manage-bde.exe
rem Add a TPM protector and a numerical recovery password to the OS volume
rem (the recovery password is only printed to the console here; this script does not escrow it anywhere)
%cmdmanageBDE% -protectors -add -tpm -recoverypassword c:
rem Enable the key protectors
%cmdmanageBDE% -protectors -enable c:
rem Start encryption of used space only, without the reboot for the hardware test
%cmdmanageBDE% -on -usedspaceonly -skiphardwaretest C:
- Associate the BitLocker activation script with the application just created
- Create a new distribution
- And use the activation script
- Associate this distribution with a test computer (Computers without BitLocker but with a TPM chip)
- Wait 1 to 2 minutes
- Force inventory on the targeted computer and notice that encryption has started