AnsweredAssumed Answered

PC Check for BitLocker

Question asked by adamc on Aug 23, 2016
Latest reply on Aug 26, 2016 by adamc

I have not been able to locate a document or instructions on how to setup a PC check that will report if BitLocker is NOT installed and functioning. 

 

So far I have found that the only way to guarantee BitLocker is initialized/running is to execute  "manage-bde -status" on the local system and identify the Protection Status (and other good info).

bitlocker_status_1.PNG

 

This can be simplified within WMI query:

bitlocker_status.PNG

ProtectionStatus: 1 or a ProtectionStatus: 2 output would be acceptable and means the drive is encrypted and either in a logged in state or logged out state.

 

So the root of the question is:  How can I use Qualys to do this check for me on all my Windows OS's and report back which ones do not have a ProtectionStatus: 1 or a ProtectionStatus: 2

 

I have not found a CID or a QID for this check.

Outcomes