Script_Bitlocker

1. <#
2. .SYNOPSIS
3. Gets the BitLocker protection status.
4. .DESCRIPTION
5. Gets the BitLocker protection status for a specific drive, or all drives.
6. .PARAMETER DriveType
7. Specifies the drive type(s) for which to get the bitlocker status. Default is: '3'.
8. Available values
9. 0 DRIVE_UNKNOWN
10. 1 DRIVE_NO_ROOT_DIR
11. 2 DRIVE_REMOVABLE
12. 3 DRIVE_FIXED
13. 4 DRIVE_REMOTE
14. 5 DRIVE_CDROM
15. 6 DRIVE_RAMDISK
16. These values are just for reference you probably will never use them.
17. .PARAMETER DriveLetter
18. Specifies the drive letter(s) for which to get the bitlocker status. Default is: 'All'.
19. .PARAMETER ShowTableHeaders
20. This switch specifies to show the table headers. Default: $false.
21. .EXAMPLE
22. Get-BitLockerStatus.ps1 -DriveLetter 'All'
23. .EXAMPLE
24. Get-BitLockerStatus.ps1 -DriveType '2'
25. .EXAMPLE
26. Get-BitLockerStatus.ps1 -DriveType '2','3' -DriveLetter 'C:','D:'
27. .INPUTS
28. System.String.
29. .OUTPUTS
30. System.String.
31. .NOTES
32. Created by Ioan Popovici
33. .LINK
34. https://SCCM.Zone/Get-BitlockerStatus
35. .LINK
36. https://SCCM.Zone/Get-BitlockerStatus-CHANGELOG
37. .LINK
38. https://SCCM.Zone/Get-BitlockerStatus-GIT
39. .LINK
40. https://SCCM.Zone/Issues
41. .COMPONENT
42. BitLocker
43. .FUNCTIONALITY
44. Get BitLocker status
45. #>
46.  
47. ## Set script requirements
48. #Requires -Version 3.0
49.  
50. ##*=============================================
51. ##* VARIABLE DECLARATION
52. ##*=============================================
53. #region VariableDeclaration
54.  
55. ## Get script parameters
56. Param (
57. [Parameter(Mandatory = $false, Position = 0)]
58. [ValidateNotNullorEmpty()]
59. [Alias('Type')]
60. [string[]]$DriveType = '3',
61. [Parameter(Mandatory = $false, Position = 1)]
62. [ValidateNotNullorEmpty()]
63. [Alias('Drive')]
64. [string[]]$DriveLetter = 'All',
65. [Parameter(Mandatory = $false, Position = 2)]
66. [ValidateNotNullorEmpty()]
67. [Alias('ShowHeaders')]
68. [switch]$ShowTableHeaders = $false
69. )
70.  
71. #endregion
72. ##*=============================================
73. ##* END VARIABLE DECLARATION
74. ##*=============================================
75.  
76. ## Set table headers
77. [boolean]$HideTableHeaders = If ($ShowTableHeaders) { $false } Else { $true }
78.  
79. ##*=============================================
80. ##* FUNCTION LISTINGS
81. ##*=============================================
82. #region FunctionListings
83.  
84. #region Function Get-BitLockerStatus
85. Function Get-BitLockerStatus {
86.  
87. [CmdletBinding()]
88. Param (
89. [Parameter(Mandatory = $false, Position = 0)]
90. [ValidateNotNullorEmpty()]
91. [Alias('Type')]
92. [string[]]$DriveType = '3',
93. [Parameter(Mandatory = $false, Position = 1)]
94. [ValidateNotNullorEmpty()]
95. [Alias('Drive')]
96. [string[]]$DriveLetter = 'All'
97. )
98.  
99. Begin {
100.  
101. ## Initializing Result Object
102. [psCustomObject]$Result = @()
103. }
104. Process {
105. Try {
106.  
107. ## Get the local drives from WMI
108. [psObject]$LocalDrives = Get-CimInstance -Namespace 'root\CIMV2' -ClassName 'CIM_LogicalDisk' | Where-Object -Property 'DriveType' -in $DriveType
109.  
110. ## Get the BitLocker Status for all drives from WMI
111. Get-CimInstance -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' -ClassName 'Win32_EncryptableVolume' -ErrorAction 'Stop' | `
112. Where-Object -Property 'DriveLetter' -in $($LocalDrives.DeviceID) | `
113. ForEach-Object {
114.  
115. # Get the drive type
116. [string]$GetDriveType = $($LocalDrives | Where-Object -Property 'DeviceID' -eq $($_.DriveLetter)) | Select-Object -ExpandProperty 'DriveType'
117.  
118. # Create the Result Props and make the ProtectionStatus more report friendly
119. [hashtable]$ResultProps = [ordered]@{
120. 'Drive' = $($_.DriveLetter)
121. 'ProtectionStatus' = $(
122. Switch ($_.ProtectionStatus) {
123. 0 { 'PROTECTION OFF' }
124. 1 { 'PROTECTION ON' }
125. 2 { 'PROTECTION UNKNOWN' }
126. }
127. )
128. 'EncryptionStatus' = $(
129. Switch ($_.ConversionStatus) {
130. 0 { 'FullyDecrypted' }
131. 1 { 'FullyEncrypted' }
132. 2 { 'EncryptionInProgress' }
133. 3 { 'DecryptionInProgress' }
134. 4 { 'EncryptionPaused' }
135. 5 { 'DecryptionPaused' }
136. }
137. )
138. 'DriveType' = 'Type ' + $GetDriveType
139. }
140.  
141. # Adding ResultProps hash table to result object
142. $Result += New-Object PSObject -Property $ResultProps
143. }
144.  
145. # Workaround for some Windows 7 computers not reporting BitLocker protection status for all drives
146. # Create the ResultProps array
147. $LocalDrives | ForEach-Object {
148. If ($($_.DeviceID) -notin $($Result.Drive)) {
149. $ResultProps = [ordered]@{
150. 'Drive' = $($_.DeviceID)
151. 'ProtectionStatus' = 'PROTECTION OFF'
152. 'DriveType' = $($_.DriveType)
153. }
154.  
155. # Adding ResultProps hash table to result object
156. $Result += New-Object PSObject -Property $ResultProps
157. }
158. }
159. }
160.  
161. ## Catch any script errors
162. Catch {
163. Write-Error -Message "Script Execution Error!`n $_" -Category 'NotSpecified'
164. }
165. Finally {
166.  
167. ## Filter result depending the DriveLetter parameter
168. If ($DriveLetter -ne 'All') {
169. Write-Output -InputObject $($Result | Where-Object -Property 'Drive' -in $DriveLetter)
170. }
171. Else {
172. Write-Output -InputObject $Result
173. }
174. }
175. }
176. End {
177. }
178. }
179. #endregion
180.  
181. #endregion
182. ##*=============================================
183. ##* END FUNCTION LISTINGS
184. ##*=============================================
185.  
186. ##*=============================================
187. ##* SCRIPT BODY
188. ##*=============================================
189. #region ScriptBody
190.  
191. ## Write BitLockerStatus to console
192. [string]$Result = $(Get-BitLockerStatus -DriveType $DriveType -DriveLetter $DriveLetter | Format-Table -HideTableHeaders:$HideTableHeaders | Out-String)
193. Write-Output $Result
194.  
195. #endregion
196. ##*=============================================
197. ##* END SCRIPT BODY
198. ##*=============================================