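--------------STANDALONE --- AD Compliance--------------

<#
    BitLocker / TPM escrow compliance report (Quest ActiveRoles "QAD" cmdlets).

    For every Windows Vista / Windows 7 computer object, records whether
      * at least one msFVE-RecoveryInformation child object exists under the
        computer (a BitLocker recovery password has been escrowed to AD), and
      * the computer object itself carries msTPM-OwnerInformation (the TPM owner
        authorization was escrowed to AD).

    Only Booleans are exported - no recovery password or TPM owner data is read
    or written - so the CSV is not itself sensitive.  The account running this
    needs read access to the msFVE-RecoveryInformation objects; without it every
    computer silently reports HasBitlockerRecoveryKey = False.
#>

#SET REPORT NAME
$CsvFilePath = "BitLockerComputerReport.csv"

# Set to $true to pause for a keypress after each computer (debugging aid only).
# The original waited unconditionally inside the loop, which blocked an
# unattended run for every computer in the domain.
$StepThrough = $false

#LOAD COMPUTER OBJECTS BASED ON OBJECT PROPERTIES
# Each msFVE-RecoveryInformation object is a child of its computer object, so the
# leaf of ParentContainer is the computer name.  (This filters client-side after
# pulling every object in the domain; Get-QADObject's -LdapFilter
# '(objectClass=msFVE-RecoveryInformation)' would do the same work server-side.)
$BitLockerEnabled = Get-QADObject -SizeLimit 0 -IncludedProperties Name,ParentContainer |
    Where-Object { $_.type -eq "msFVE-RecoveryInformation" } |
    ForEach-Object { Split-Path -Path $_.ParentContainer -Leaf } |
    Select-Object -Unique

$strComputers = Get-QADComputer -SizeLimit 0 -IncludedProperties Name,OperatingSystem,msTPM-OwnerInformation |
    Where-Object { $_.operatingsystem -like "Windows 7*" -or $_.operatingsystem -like "Windows Vista*" } |
    Sort-Object Name

#CREATE ARRAY TO HOLD COMPUTER INFORMATION
$ExportToArray = @()

foreach ($strComputer in $strComputers) {
    if ($StepThrough) {
        $HOST.UI.RawUI.ReadKey("NoECHO,IncludeKeyDown") | Out-Null
        $HOST.UI.RawUI.FlushInputBuffer()
    }

    #SET HasBitlockerRecoveryKey to true or false.
    # Exact, case-insensitive name comparison.  The original joined all computer
    # names into one regex alternation and used -match, which (a) matched
    # substrings ("PC1" was reported as escrowed whenever "PC10" was), (b) broke
    # on names containing regex metacharacters, and (c) matched every computer
    # when the list was empty, because the pattern degenerated to "()".
    $hasRecoveryKey = $BitLockerEnabled -contains $strComputer.Name

    #SET HasTPM-OwnerInformation to true or false, based on the msTPM-OwnerInformation on the computer object
    $hasTpmOwnerInfo = [bool]$strComputer."msTPM-OwnerInformation"

    #Create object for each computer; Add-Member in this order keeps the CSV columns stable
    $strComputerObj = New-Object -TypeName psobject
    $strComputerObj | Add-Member -MemberType NoteProperty -Name Name -Value $strComputer.Name
    $strComputerObj | Add-Member -MemberType NoteProperty -Name OperatingSystem -Value $strComputer.operatingsystem
    $strComputerObj | Add-Member -MemberType NoteProperty -Name HasBitlockerRecoveryKey -Value $hasRecoveryKey
    $strComputerObj | Add-Member -MemberType NoteProperty -Name HasTPM-OwnerInformation -Value $hasTpmOwnerInfo

    #Add the computer object to the array with computer information
    $ExportToArray += $strComputerObj
}

#Export the array with computer information to the user-specified path
$ExportToArray | Export-Csv -Path $CsvFilePath -NoTypeInformation

ALLOWS HELPDESK TO EASILY RETRIEVE THE KEY FOR SUPPORT REASONS
-------------- STANDALONE --- HELPDESK SUPPORT--------------

<#
    Helpdesk key retrieval (ActiveDirectory module).

    Prompts for credentials and a computer name, then reads from AD:
      * the TPM owner authorization (msTPM-OwnerInformation), either on the
        computer object (Windows 7 and older) or on the msTPM-InformationObject
        that msTPM-TpmInformationForComputer links to, and
      * one BitLocker recovery password (msFVE-RecoveryPassword) from the
        msFVE-RecoveryInformation children of the computer object.

    Both values unlock the disk.  They are printed to the screen and optionally
    written to a file, so: run this only from an administrative workstation,
    grant the helpdesk account read on msFVE-RecoveryPassword through delegation
    rather than broad rights, keep AD object-access auditing on those objects,
    and have the technician rotate the recovery password on the client after it
    has been disclosed (add a new one with "manage-bde -protectors -add c:
    -recoverypassword", escrow it with "-adbackup", then delete the old one).
#>

clear

#User input
Write-Host "Enter credentials: "
$UserName   = Read-Host "Enter User Name: "
$Password   = Read-Host -AsSecureString "Enter Your Password: "
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $Password

#Retrieve user input
$strComputer = Read-Host 'USER INPUT'
# Optional: the "Recovery key ID" BitLocker shows on the recovery screen.  A
# computer can have several escrowed passwords; the ID selects the one the user
# is actually being asked for.  Blank takes the newest.
$KeyId = (Read-Host 'Recovery key ID from the recovery screen (first 8 characters, or blank for newest)').Trim()

#Import AD commands
Import-Module ActiveDirectory

#Check AD Object
$strComputerObject = Get-ADComputer -Filter {cn -eq $strComputer} -Property msTPM-OwnerInformation, msTPM-TpmInformationForComputer -Credential $credential
if ($null -eq $strComputerObject) {
    Write-Host "Computer object not found. EXITing the script..."
    # The original ran "%compspec% /c PAUSE" here - cmd syntax (and a typo for
    # %comspec%) that does not execute from PowerShell.
    Read-Host 'Press Enter to exit' | Out-Null
    EXIT 1
}

#msTPM-OwnerInformation attribute
if ($null -eq $strComputerObject.'msTPM-OwnerInformation') {
    #Check if the computer object has had the TPM info backed up to AD
    if ($null -ne $strComputerObject.'msTPM-TpmInformationForComputer') {
        # Grab the TPM Owner Password from the msTPM-InformationObject
        $TPMObject = Get-ADObject -Identity $strComputerObject.'msTPM-TpmInformationForComputer' -Properties msTPM-OwnerInformation -Credential $credential
        $TPMKey = $TPMObject.'msTPM-OwnerInformation'
    } else {
        $TPMKey = ''
    }
} else {
    # Windows 7 and older OS TPM Owner Password
    $TPMKey = $strComputerObject.'msTPM-OwnerInformation'
}

#Check if the computer object has had a BitLocker Recovery Password backed up to AD.
# The CN of each msFVE-RecoveryInformation object starts with the backup
# timestamp and ends with the recovery GUID ("2011-03-04T10:11:12-06:00{GUID}"),
# so sorting by Name puts the newest last.  The original took whatever object AD
# happened to return last, which is not guaranteed to be the newest.
$recoveryObjects = Get-ADObject -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -SearchBase $strComputerObject.DistinguishedName -Properties 'msFVE-RecoveryPassword' -Credential $credential |
    Sort-Object Name
if ($KeyId) {
    $recoveryObjects = $recoveryObjects | Where-Object { $_.Name -like ('*{' + $KeyId + '*') }
}
$BitLockerObject = $recoveryObjects | Select-Object -Last 1
if ($BitLockerObject.'msFVE-RecoveryPassword') {
    $BitLockerKey = $BitLockerObject.'msFVE-RecoveryPassword'
} else {
    $BitLockerKey = ''
}

#Return to screen
Write-Host 'TPM Owner Recovery Key:' $TPMKey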
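Write-Host 'BitLocker Recovery Password:' $BitLockerKey

# Export TPM Owner Password File.
# The .tpm file is the TPM owner authorization in clear text in the current
# directory; it is only offered when the owner information lives on a separate
# msTPM-InformationObject.  Delete it as soon as the technician has used it.
if ($null -ne $strComputerObject.'msTPM-TpmInformationForComputer') {
    $ExportToArrayToFile = Read-Host 'Would you like to export the recovery key [y or n]'
    if ($ExportToArrayToFile -ne 'y') {
        EXIT
    }
    $TPMFile = '' + $TPMKey + ''
    $TPMFile | Out-File "TPMOwnerPasswordFile.tpm"
} else {
    Cmd /c PAUSE
}

* WILL BE COMPILED INTO AN EXE
UPDATES COMPUTER OBJECT DESCRIPTION FIELD
-------------- IMAGE --- ADD TO LOCAL MACHINE IMAGING PROCESS--------------

' Stamps this computer's own AD Description with "BITLOCKER * <timestamp> * <model digits>".
' Runs on the client during imaging under whatever account the imaging step uses; that
' account needs write access to the Description attribute of the computer object (the
' default self-rights of a computer account do not obviously include it - confirm in
' your domain).  "On Error Resume Next" is kept so an imaging step never aborts here,
' which also means a failed SetInfo is silent; check Err.Number if you need to know.
On Error Resume Next

Dim objWMI, colSettings, objComputer, LaptopModel, strModel, myNumber, myLength, i
Dim objSysInfo, strSearchString, strSearchFor, strMessage

' Model name from WMI, e.g. "Latitude E6410".
Set objWMI = GetObject("winmgmts:")
Set colSettings = objWMI.ExecQuery("Select * from Win32_ComputerSystem")
For Each objComputer In colSettings
    LaptopModel = Trim(objComputer.Model)
Next

' strModel is never pre-set, so this always runs: keep only the digits of the model
' string and use the first four as the model tag ("6410").
If strModel = "" Then
    myLength = Len(LaptopModel)
    For i = 1 To myLength
        If Asc(Mid(LaptopModel, i, 1)) <> 32 Then
            If Asc(Mid(LaptopModel, i, 1)) >= 48 And Asc(Mid(LaptopModel, i, 1)) <= 57 Then
                myNumber = myNumber & Mid(LaptopModel, i, 1)
            End If
        End If
    Next
    myNumber = Left(myNumber, 4)
    strModel = myNumber
End If

' Bind to this computer's own AD object via ADSystemInfo (no hard-coded DN).
Set objSysInfo = CreateObject("ADSystemInfo")
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)

strSearchString = objComputer.Description
strSearchFor = "Bitlocker"
' The original's branches were swapped relative to its own comments, and the compare
' was case-sensitive while the stamp it writes is upper-case "BITLOCKER": a hand-written
' description was discarded on the first run, and a description that happened to
' contain "Bitlocker" in mixed case grew by one segment on every run (the attribute is
' length-limited - 1024 characters in the default schema - after which SetInfo fails).
' Now: already stamped -> replace the stamp; not stamped -> prefix the stamp and keep
' the existing description.
If InStr(1, strSearchString, strSearchFor, vbTextCompare) > 0 Then
    ' stamp already present: refresh it
    strMessage = "BITLOCKER" & " * " & Now & " * " & strModel
Else
    ' first run on this object: keep whatever a human wrote in the description
    strMessage = "BITLOCKER" & " * " & Now & " * " & strModel
    If strSearchString <> "" Then
        strMessage = strMessage & " * " & strSearchString
    End If
End If

objComputer.Description = strMessage
objComputer.SetInfo

* WILL BE COMPILED INTO AN EXE
CAN BE DEPLOYED FROM LANDESK TO IMPORT BITLOCKER RECOVERY INFO INTO LANDESK DATABASE
------------LANDESK --- IMPORT INTO LANDESK DATABASE FROM CLIENT--------------

@ECHO OFF
TITLE Kaplan Bitlocker Import for LANDesk
COLOR 0b
CLS
REM ---------------------------------------------------------------------------
REM Reads the BitLocker recovery-password protector of C: and hands the
REM protector ID *and the 48-digit recovery password* to the LANDesk inventory
REM scanner as custom data (LDCUSTOM2.DAT), then runs a full scan.
REM
REM Security caveat: this copies a secret that unlocks the disk into the
REM LANDesk inventory database, where anyone with inventory read rights on the
REM console can see it, and into a file under "Program Files (x86)" that
REM standard users can read.  AD escrow (see the TECH TOOL script) is the
REM better home for the password; if the inventory only needs to find the
REM machine for a given key ID, drop the "Password" line below.  The .DAT file
REM is ACL-restricted to SYSTEM and Administrators after it is written.
REM
REM The 32-bit LANDesk agent is subject to WOW64 file-system redirection, so
REM "C:\Windows\System32\manage-bde.exe" would resolve to SysWOW64, where it
REM does not exist.  The original worked around this with a UNC path through
REM the C$ admin share; %windir%\Sysnative does the same without needing the
REM admin share and is used when present (64-bit Windows, Vista or later).
REM ---------------------------------------------------------------------------
SETLOCAL ENABLEDELAYEDEXPANSION
REM "SET MyVar=" must not have a comment on the same line: in the original the
REM trailing "rem used for ..." text became the variable's value.
SET "MyVar="
SET "MyPass="
SET "LDCUSTOM=C:\Program Files (x86)\LANDesk\LDClient\LDCUSTOM2.DAT"
SET "LDINI=C:\Program Files (x86)\LANDesk\LDClient\LDSCNHLP.INI"
SET "MBDE=%windir%\System32\manage-bde.exe"
IF EXIST "%windir%\Sysnative\manage-bde.exe" SET "MBDE=%windir%\Sysnative\manage-bde.exe"

ECHO Checking Bitlocker compliance...
ECHO.

REM PRIMARY EXTRACTION METHOD and creates the LDCustom2.dat file for landesk.
REM Ask manage-bde for the recovery-password protector(s) only, then pick out
REM the "ID: {GUID}" line and the 48-digit password line.  The original parsed
REM the full protector list positionally ("skip=4 tokens=2 delims=:" and a
REM "delims=Password " hack), which depends on the order and number of
REM protectors.  If several recovery passwords exist the last one listed wins,
REM as before.
FOR /F "tokens=2 delims={}" %%g IN ('%MBDE% -protectors -get c: -type RecoveryPassword ^| FINDSTR /I "ID:"') DO SET "MyVar={%%g}"
FOR /F "tokens=1" %%h IN ('%MBDE% -protectors -get c: -type RecoveryPassword ^| FINDSTR /R "[0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9][0-9][0-9]-"') DO SET "MyPass=%%h"
ping.exe -n 8 127.0.0.1>nul

REM The original compared with "IF %MyVar% neq """: with an empty MyVar that is
REM a syntax error that aborts the script, and with a non-empty one it never
REM equals the two literal quote characters.  Redirection is written before
REM ECHO so a value ending in a digit cannot be read as a file-handle number.
IF NOT "%MyVar%"=="" (
    ECHO success
    >"%LDCUSTOM%"  ECHO Custom Data - Bitlocker - Recovery - ID = %MyVar%
    >>"%LDCUSTOM%" ECHO Custom Data - Bitlocker - Recovery - Password = %MyPass%
    >>"%LDCUSTOM%" ECHO Custom Data - Bitlocker - Recovery - Date = %DATE%
    >>"%LDCUSTOM%" ECHO Custom Data - Bitlocker - Recovery - Time = %TIME%
) ELSE (
    ECHO failed
    >"%LDCUSTOM%"  ECHO Custom Data - Bitlocker - Recovery - ID = NONE
    >>"%LDCUSTOM%" ECHO Custom Data - Bitlocker - Recovery - Password = NONE
    >>"%LDCUSTOM%" ECHO Custom Data - Bitlocker - Recovery - Date = %DATE%
    >>"%LDCUSTOM%" ECHO Custom Data - Bitlocker - Recovery - Time = %TIME%
)
REM Restrict the plaintext file to SYSTEM and Administrators (S-1-5-32-544);
REM the scanner below runs as SYSTEM or as the elevated technician.
icacls "%LDCUSTOM%" /inheritance:r /grant:r SYSTEM:F *S-1-5-32-544:F >nul

REM modifies the LDSCNHLP.INI file to not launch ldcustom.cmd
CLS
ECHO Checking Bitlocker compliance...done
ECHO.
ECHO Creating custom LANDesk scan...
ECHO.
REM create updated ldscan file.  The scanner-side paths keep the 8.3 form the
REM original used, which requires short names to be enabled on the volume.
>"%LDINI%"  ECHO [Execute WIN16]
>>"%LDINI%" ECHO.
>>"%LDINI%" ECHO [Execute WIN32]
>>"%LDINI%" ECHO.
>>"%LDINI%" ECHO [DATA FILES]
>>"%LDINI%" ECHO DATANOPREPEND1=c:\progra~2\LANDesk\LDClient\LDCustom2.DAT
>>"%LDINI%" ECHO DATA1=c:\progra~2\LANDesk\LDClient\LDCustom.DAT
ping.exe -n 8 127.0.0.1>nul

REM runs the landesk inventory scanner
CLS
ECHO Checking Bitlocker compliance...done
ECHO.
ECHO Creating custom LANDesk Inventory scan...done
ECHO.
ECHO Running LANDesk Inventory Scan...
ECHO.
rem "c:\ProgramData\Microsoft\Windows\Start Menu\Programs\LANDesk Management\Inventory Scan.lnk"
"C:\Program Files (x86)\LANDesk\LDClient\LDISCN32.EXE" /NTT=YourLANDeskServer.YourDomain.com:5007 /S=YourLANDeskServer.YourDomain.com /I=HTTP://YourLANDeskServer.YourDomain.com/ldlogon/ldappl3.ldz /F /SYNC
ENDLOCAL

* WILL BE COMPILED INTO AN EXE
MANUALLY RAN BY TECHNICIANS TO IMPORT BITLOCKER RECOVERY INFO INTO AD
---------------- TECH TOOL --- AUTOMATED AD BITLOCKER IMPORT-----------------

@ECHO off
title Import Bitlocker Recovery Information
CLS
REM ---------------------------------------------------------------------------
REM Escrows the recovery-password protector of C: into AD
REM ("manage-bde -protectors -adbackup").  Must run elevated; on the AD side
REM the "Store BitLocker recovery information in Active Directory" policy and
REM the BitLocker schema extensions have to be in place or the backup is
REM refused.  Nothing secret is printed or stored locally - only the protector
REM ID is read.
REM ---------------------------------------------------------------------------
SETLOCAL
REM CLEAR VARIABLE
SET "MyVar="
REM manage-bde exists only in the native System32; see the Sysnative note in
REM the LANDesk import script above for why this matters to 32-bit launchers.
SET "MBDE=%windir%\System32\manage-bde.exe"
IF EXIST "%windir%\Sysnative\manage-bde.exe" SET "MBDE=%windir%\Sysnative\manage-bde.exe"

ECHO Checking Bitlocker compliance...
REM PRIMARY EXTRACTION METHOD: protector ID of the (last listed) recovery
REM password.  The original "skip=4 tokens=2 delims=:" parse of the whole
REM protector list also left a leading space in MyVar, which the later
REM "-id%MyVar%" (no space) silently relied on.
FOR /F "tokens=2 delims={}" %%g IN ('%MBDE% -protectors -get c: -type RecoveryPassword ^| FINDSTR /I "ID:"') DO SET "MyVar={%%g}"
ping.exe -n 10 127.0.0.1>nul
CLS
ECHO Checking Bitlocker compliance...done
ECHO.
IF "%MyVar%"=="" (
    ECHO No recovery password protector was found on C:. Add one first with
    ECHO     manage-bde -protectors -add c: -recoverypassword
    ECHO and run this tool again.
    PAUSE
    EXIT /b 1
)
ECHO Importing Recovery information into AD...
ECHO.
REM IMPORT BITLOCKER INFO INTO AD
%MBDE% -protectors -adbackup c: -id %MyVar% && (
ping.exe -n 10 127.0.0.1>nul
CLS
ECHO Checking Bitlocker compliance...done
ECHO.
ECHO Importing Recovery Information into AD...done
ECHO.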
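CLS
ECHO Checking Bitlocker compliance...done
ECHO.
ECHO Importing Recovery information into AD...done
ECHO.
ECHO Import completed successfully.
ECHO.
PAUSE
) || (
CLS
ECHO Failed. Try again, and Run as Administrator.
ECHO Also check that the domain allows BitLocker recovery information to be
ECHO stored in AD and that this machine can reach a domain controller.
PAUSE
)
REM CLEAR VARIABLE
SET MyVar=
EXIT /b 0

* WILL BE COMPILED INTO AN EXE
PERFORMS A LANDESK BITLOCKER AD COMPLIANCE
----------------- LANDESK --- AUTOMATED AD BITLOCKER IMPORT-----------------

@ECHO OFF
TITLE Bitlocker Compliance Checker
COLOR 0a
REM ---------------------------------------------------------------------------
REM Compliance probe run from LANDesk: PASSED if C: is fully encrypted, else
REM FAILED.  The result, a timestamp and (on PASSED) the recovery-password
REM protector ID go to HKLM\SOFTWARE\Bitlocker, an Application event 999 is
REM raised and SDCLIENT reports the status to the LANDesk core.  Only the
REM protector ID is recorded; it is the "key ID" BitLocker shows on the
REM recovery screen and is not a secret.  The original ran with "@ECHO ON",
REM which echoed every command into the task output; it is off here.
REM
REM Caveats: the check parses manage-bde's localized text, so it only works on
REM English Windows; and if the LANDesk agent is 32-bit, REG.exe under WOW64
REM writes HKLM\SOFTWARE\WOW6432Node\Bitlocker, so read the key back from the
REM same bitness that wrote it.
REM ---------------------------------------------------------------------------
SETLOCAL ENABLEDELAYEDEXPANSION
SET "MyVar="
SET "MBDE=%windir%\System32\manage-bde.exe"
IF EXIST "%windir%\Sysnative\manage-bde.exe" SET "MBDE=%windir%\Sysnative\manage-bde.exe"
SET "STATUSFILE=%TEMP%\bitlocker-status.txt"

REM OUTPUT BITLOCKER STATUS OF C: TO A TEMP FILE.  The original wrote
REM "bitlocker.txt" into the current directory and never removed it.
%MBDE% -status c: >"%STATUSFILE%"

REM FIND PERCENTAGE IN FILE.  The original looked for the bare string "100"
REM ("SET findthis=100%" loses the trailing % inside a batch file), which also
REM matched e.g. a 100 GB volume size.  Match the encryption line itself.
FINDSTR /I /C:"Percentage Encrypted" "%STATUSFILE%" | FINDSTR /C:"100" >nul
IF NOT ERRORLEVEL 1 (
    CLS
    FOR /F "tokens=2 delims={}" %%g IN ('%MBDE% -protectors -get c: -type RecoveryPassword ^| FINDSTR /I "ID:"') DO SET "MyVar={%%g}"
    REM IF FOUND, THEN WRITE PASSED COMPLIANCE DATA TO REGISTRY AND SEND BACK TO LANDESK
    REM WRITE TO REGISTRY
    %windir%\system32\REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Bitlocker" /v Compliance /d "PASSED" /t REG_SZ /f
    %windir%\system32\REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Bitlocker" /v Timestamp /d "%date% %time%" /t REG_SZ /f
    %windir%\system32\REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Bitlocker" /v Recovery /d "!MyVar!" /t REG_SZ /f
    REM CREATE EVENT LOG
    %windir%\system32\EVENTCREATE.exe /T INFORMATION /ID 999 /d "Bitlocker PASSED"
    REM SEND BACK TO LANDESK
    "C:\Program Files (x86)\LANDesk\LDClient\SDCLIENT.EXE" /msg="PASSED"
) ELSE (
    CLS
    REM IF NOT FOUND, THEN WRITE FAILED COMPLIANCE DATA TO REGISTRY AND SEND BACK TO LANDESK
    REM WRITE TO REGISTRY
    %windir%\system32\REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Bitlocker" /v Compliance /d "FAILED" /t REG_SZ /f
    %windir%\system32\REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Bitlocker" /v Timestamp /d "%date% %time%" /t REG_SZ /f
    REM CREATE EVENT LOG
    %windir%\system32\EVENTCREATE.exe /T INFORMATION /ID 999 /d "Bitlocker FAILED"
    REM SEND BACK TO LANDESK
    "C:\Program Files (x86)\LANDesk\LDClient\SDCLIENT.EXE" /msg="FAILED"
)
:END
REM CLEAR VARIABLES AND EXIT
DEL /Q "%STATUSFILE%" 2>nul
SET MyVar=
EXIT /b 0

* WILL BE COMPILED INTO AN EXE
THIS VBSCRIPT IS USED TO SEND BITLOCKER RECOVERY INFORMATION USING AN EMAIL
THE SCRIPT IS MEANT TO RUN AS PART OF THE IMAGING PROCESS OR USED IN TROUBLESHOOTING
------------------email--------------------

'NOTE, THIS FILE IS COMPILED
' ---------------------------------------------------------------------------
' Mails the contents of bit1.dat (the recovery password written by the imaging
' step; only its LAST line is used) together with computer name, user name and
' serial number to the addresses in strTo, then deletes bit1.dat.
'
' Security caveats the deployer must accept before using this:
'   * The SMTP logon and password are constants in this file.  "Compiling" a
'     VBScript into an EXE only wraps it; the script - and the password - can be
'     recovered from the EXE by anyone who can read it, i.e. by every imaged
'     machine's users.  Prefer an internal relay that accepts mail from the
'     imaging network without authentication (leave Gmail_SMTPPassword empty
'     and the message is sent unauthenticated), or keep the credential out of
'     the image entirely.
'   * The recovery password is transmitted and then stored in clear text in
'     mailboxes (and their backups, forwards and retention copies).  AD escrow
'     is the authoritative store; if this mail is only a convenience, send the
'     key ID rather than the password.
'   * Deleting bit1.dat is not a secure wipe; the plaintext may remain on disk.
'
' Change from the original: the send result is checked.  Previously, under
' On Error Resume Next, a failed send was ignored and bit1.dat was deleted
' anyway, losing the only local copy of the password; the script now keeps the
' file and exits with code 2 so the caller can see the mail was not sent.
' ---------------------------------------------------------------------------
ON ERROR RESUME NEXT

'INFORMATION COLLECTION
Dim strComputerName, strUsername, objWMIService, colItems, objItem, SerialValue
Dim objFSO, objFileToRead, strBitlocker1, GMail_Subject, Gmail_Body, objMessage, strFrom

strComputerName = CreateObject("WScript.Shell").ExpandEnvironmentStrings("%computername%")
strUsername = CreateObject("WScript.Shell").ExpandEnvironmentStrings("%username%")

SET objWMIService = GetObject("winmgmts:\\" & strComputerName & "\root\CIMV2")
SET colItems = objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystemProduct",,48)
FOR EACH objItem IN colItems
    SerialValue = objItem.IdentifyingNumber
NEXT

' Read bit1.dat; the loop keeps only the last line, as the original did.
SET objFSO = CreateObject("Scripting.FileSystemObject")
SET objFileToRead = objFSO.OpenTextFile("bit1.dat", 1)
DO WHILE NOT objFileToRead.AtEndOfStream
    strBitlocker1 = objFileToRead.ReadLine()
LOOP
obj
FileToRead.Close

'SET EMAIL CONTENT HERE
GMail_Subject = strComputerName & " " & strUsername 'THIS COULD BE THE ACTUAL USERNAME or COMPUTERNAME
Gmail_Body = "Script created by Eddie Jackson" & vbCRLF & vbCRLF & _
    "Tool Version: 3.0" & vbCRLF & _
    "Timestamp: " & NOW & vbCRLF & _
    "Computer: " & strComputerName & vbCRLF & _
    "Username: " & strUsername & vbCRLF & _
    "Serial Number: " & SerialValue & vbCRLF & vbCRLF & _
    "Bitlocker Password: " & vbCRLF & _
    "C: " & strBitlocker1

'MAIL OBJECTS
CONST cdoSendUsingPickup = 1
CONST cdoSendUsingPort = 2
CONST cdoAnonymous = 0
CONST cdoBasic = 1
CONST cdoNTLM = 2

'EMAIL ACCOUNT INFORMATION - ONLY NEEDS EMAIL SERVICE ACCOUNT INFO
' strFrom is the bare computer name; some mail servers reject a sender without a domain.
strFrom = strComputerName
CONST strFromName = "Bitlocker Recovery Information"
CONST strTo = "MyEmailAddress1@domain.com,MyEmailAddress2@domain.com"
CONST Gmail_SMTPServer = "smtp.DOMAIN.com"
CONST GMail_SMTPLogon = "MyAccount@Domain.com"
CONST Gmail_SMTPPassword = "MyPassword" ' leave empty to relay without authentication
CONST SMTPSSL = True
CONST SMTPPort = 465

'EXECUTES OBJECTS
SET objMessage = CreateObject("CDO.Message")
objMessage.Subject = GMail_Subject
objMessage.From = """" & strFromName & """ <" & strFrom & ">"
objMessage.To = strTo
objMessage.TextBody = Gmail_Body
With objMessage.Configuration.Fields
    .Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = cdoSendUsingPort
    .Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = Gmail_SMTPServer
    If Gmail_SMTPPassword = "" Then
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoAnonymous
    Else
        .Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoBasic
        .Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = GMail_SMTPLogon
        .Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = Gmail_SMTPPassword
    End If
    .Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = SMTPPort
    .Item("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = SMTPSSL
    .Item("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 30
    .Update
End With

'THIS SENDS THE MESSAGE
Err.Clear
objMessage.Send
If Err.Number <> 0 Then
    ' keep bit1.dat so the password is not lost; non-zero exit for the caller
    WScript.Quit 2
End If

' Delete the local copy only after a successful send.
objFSO.DeleteFile "bit1.dat", True
Wscript.quit(0)

* WILL BE COMPILED INTO AN EXE
THE SCRIPTED BATCH FILE CAN BE USED TO REPORT ON TPM STATUS
IT IS MEANT TO RUN FROM LANDESK, QUERYING ALL MACHINES IN THE ENTERPRISE
SEE SNAPSHOT
--------LANDESK --- check TPM Status---------

@ECHO OFF
REM ---------------------------------------------------------------------------
REM TPM probe run from LANDesk.  NOTE: "manage-bde -tpm -TurnOn" is not a
REM read-only status query - it asks for the TPM to be turned on, which on
REM many machines queues a physical-presence prompt for the next boot.  The
REM script treats "not" anywhere in the output (e.g. "... cannot be found ...")
REM as "no usable TPM": it reports FAILED, tries to enable the TPM through the
REM BIOS with the vendor tools in sdmcache and pops a reboot prompt; otherwise
REM it reports PASSED.  A WMI query of Win32_Tpm
REM (root\cimv2\Security\MicrosoftTpm) would answer "is there an enabled TPM"
REM without changing anything.
REM
REM Fixes vs. the original: "findstr /f" is FINDSTR's file-list switch
REM (/F:file), not a flag - "/I /C:" is what was meant; manage-bde was called
REM through C:\Windows\System32, which a 32-bit LANDesk agent cannot see under
REM WOW64 redirection, so Sysnative is used when present; the log directory is
REM created before writing to it; the BIOS-password argument had a doubled
REM quote ("/nspwdfile:""C:\...") that split the path at its spaces; and the
REM enabler .vbs is run through cscript so WScript.Echo cannot raise a modal
REM dialog in an unattended task.
REM
REM Security caveat: password.bin (the BIOS password) sits in sdmcache, which
REM standard users can read.  Keep it out of the cache or restrict its ACL.
REM ---------------------------------------------------------------------------
SETLOCAL
SET "MBDE=%windir%\System32\manage-bde.exe"
IF EXIST "%windir%\Sysnative\manage-bde.exe" SET "MBDE=%windir%\Sysnative\manage-bde.exe"
IF NOT EXIST "C:\Bitlocker" MD "C:\Bitlocker"

REM CHECK TPM STATUS - IF TPM 'NOT' FOUND IS RETURNED, GOTO FAILED ELSE GOTO PASSED
%MBDE% -tpm -TurnOn 2>&1 | findstr /I /C:"not" >nul && GOTO :FAILED
GOTO :PASSED

:FAILED
CLS
COLOR 0c
ECHO ERROR: A compatible Trusted Platform Module (TPM) was not detected.
ECHO.
REM SEND FAILED TO LANDESK
IF EXIST "C:\Program Files (x86)\LANDesk\LDClient\SDCLIENT.EXE" "C:\Program Files (x86)\LANDesk\LDClient\SDCLIENT.EXE" /msg="FAILED"
IF EXIST "C:\Program Files\LANDesk\LDClient\SDCLIENT.EXE" "C:\Program Files\LANDesk\LDClient\SDCLIENT.EXE" /msg="FAILED"
>>"C:\Bitlocker\log.dat" ECHO %DATE% %TIME% Sent FAILED message to LANDesk
%windir%\system32\REG.exe ADD HKLM\SOFTWARE\Bitlocker /v TPM_Status /d FAILED /t REG_SZ /f
%windir%\system32\REG.exe ADD HKLM\SOFTWARE\Bitlocker /v Timestamp /d "%DATE% %TIME%" /t REG_SZ /f
REM IF TPM ENABLER IS FOUND (A SCRIPT FROM MICROSOFT), RUN SCRIPT WITH 'ON' OPTION AND SET BIOS PASSWORD USING SETPW.EXE
REM WIN7 (64-bit layout)
IF EXIST "C:\Program Files (x86)\LANDesk\LDClient\sdmcache\apps\Bitlocker\alpha\enablebitlocker.vbs" (
    REM SET BIOS PASSWORD - REQUIRED TO ENABLE SOME TPM CHIPS
    "C:\Program Files (x86)\LANDesk\LDClient\sdmcache\apps\Bitlocker\alpha\SetPW.exe" /nspwdfile:"C:\Program Files (x86)\LANDesk\LDClient\sdmcache\apps\Bitlocker\password.bin"
    REM ENABLE TPM
    cscript //nologo "C:\Program Files (x86)\LANDesk\LDClient\sdmcache\apps\Bitlocker\alpha\enablebitlocker.vbs" /on:tpm /l:c:\setup\bitlocker.log
)
REM XP (32-bit layout)
IF EXIST "C:\Program Files\LANDesk\LDClient\sdmcache\apps\Bitlocker\alpha\enablebitlocker.vbs" (
    REM SET BIOS PASSWORD - REQUIRED TO ENABLE SOME TPM CHIPS
    "C:\Program Files\LANDesk\LDClient\sdmcache\apps\Bitlocker\alpha\SetPW.exe" /nspwdfile:"C:\Program Files\LANDesk\LDClient\sdmcache\apps\Bitlocker\password.bin"
    REM ENABLE TPM
    cscript //nologo "C:\Program Files\LANDesk\LDClient\sdmcache\apps\Bitlocker\alpha\enablebitlocker.vbs" /on:tpm /l:c:\setup\bitlocker.log
)
REM LAUNCH RESTART COMPUTER PROMPT - SIMPLE EMPTY REBOOT HTA
IF EXIST "C:\Program Files (x86)\LANDesk\LDClient\sdmcache\apps\Bitlocker\alpha\tpm.hta" (
    start "" "C:\Program Files (x86)\LANDesk\LDClient\sdmcache\apps\Bitlocker\alpha\tpm.hta"
)
IF EXIST "C:\Program Files\LANDesk\LDClient\sdmcache\apps\Bitlocker\alpha\tpm.hta" (
    start "" "C:\Program Files\LANDesk\LDClient\sdmcache\apps\Bitlocker\alpha\tpm.hta"
)
EXIT /B 0

:PASSED
REM SEND PASSED TO LANDESK
IF EXIST "C:\Program Files (x86)\LANDesk\LDClient\SDCLIENT.EXE" "C:\Program Files (x86)\LANDesk\LDClient\SDCLIENT.EXE" /msg="PASSED"
IF EXIST "C:\Program Files\LANDesk\LDClient\SDCLIENT.EXE" "C:\Program Files\LANDesk\LDClient\SDCLIENT.EXE" /msg="PASSED"
>>"C:\Bitlocker\log.dat" ECHO %DATE% %TIME% Sent PASSED message to LANDesk
REM WRITE PASSED STATUS TO REGISTRY
%windir%\system32\REG.exe ADD HKLM\SOFTWARE\Bitlocker /v TPM_Status /d PASSED /t REG_SZ /f
%windir%\system32\REG.exe ADD HKLM\SOFTWARE\Bitlocker /v Timestamp /d "%DATE% %TIME%" /t REG_SZ /f
EXIT /B 0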