Script to Query BitLocker Info – Single Machine

I created this script to query BitLocker info directly from the computer. I was going down a spreadsheet, so I added the loop to make things faster (I’m using this to audit machines). Note, I did add querying for computer name and IP address. It seems like manage-bde was being temperamental, and only sometimes accepting the name.

Code

@echo off
color 0b
Setlocal EnableDelayedExpansion
Title Return Bitlocker Info

:LOOP
cls
rem enter the name of the computer you want to query
Echo Enter Computer Name:
Set /p PC=

cls
Echo Checking for %PC%…
Echo.
rem check to see if the pc is online
ping %PC% | find "Reply" > nul
if errorlevel 1 (Echo %PC% was not found
ping -n 6 127.0.0.1>nul
) else (Echo Found %PC%
Echo.
Echo.
Echo.
Echo Trying by computer name first…
Echo.
rem return protectors to screen
manage-bde -cn %PC% -protectors -get c:

rem find ip address
for /f "tokens=1,2,3 delims= " %%a in ('ping %PC%') do (
set IP1=%%a
set IP2=%%b
set IP3=%%c
echo !IP3! | find "[" && set IP=!IP3!
set PCIP=!IP:~1,-1!
)
Echo.
Echo.
Echo.
Echo Trying by IP address next…
Echo.
rem return protectors with ip address
manage-bde -cn !PCIP! -protectors -get c:
pause
)

goto :LOOP

 

Update 11/14/2016

I went ahead and added the Active Directory import. So, not only will the script return the BitLocker info to screen, it will also attempt to import the remote computer’s BitLocker info into AD. The additional parts are in bold.

@echo off
color 0b
Setlocal EnableDelayedExpansion
Title Return Bitlocker Info

:LOOP
cls
rem enter the name of the computer you want to query
Echo Enter Computer Name:
Set /p PC=
cls
Echo Checking for %PC%…
Echo.
rem check to see if the pc is online
ping %PC% | find "Reply" > nul
if errorlevel 1 (Echo %PC% was not found
ping -n 6 127.0.0.1>nul
) else (Echo Found %PC%
Echo.
Echo.
Echo.
Echo Trying by computer name first…
Echo.
rem return protectors to screen
manage-bde -cn %PC% -protectors -get c:

rem find ip address
for /f "tokens=1,2,3 delims= " %%a in ('ping %PC%') do (
set IP1=%%a
set IP2=%%b
set IP3=%%c
echo !IP3! | find "[" && set IP=!IP3!
set PCIP=!IP:~1,-1!
)
Echo.
Echo.
Echo.
Echo Trying by IP address next…
Echo.
rem return protectors with ip address
manage-bde -cn !PCIP! -protectors -get c:
echo.
echo.
Echo Attempting Active Directory Import
for /f "skip=4 tokens=2 delims=:" %%g in ('"manage-bde -cn !PCIP! -protectors -get c:"') do set MyVar=%%g
ping.exe -n 6 127.0.0.1>nul
REM IMPORT BITLOCKER INFO INTO AD
echo.
echo Returned ID is !MyVar!
echo.
\\%computername%\C$\Windows\system32\manage-bde.exe -cn !PCIP! -protectors -adbackup c: -id!MyVar!
pause
)

goto :LOOP
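
The for /f loop in the AD import step keeps the value from the last line that has text after a colon, so which protector ID reaches -adbackup depends on the order manage-bde prints them. The PowerShell sketch below is an added example, not the original author's code: it selects only the Numerical Password protector ID and checks the computer name before it is used. It assumes English-language manage-bde output; the function names, sample output, GUIDs and computer name are constructed for illustration.

```powershell
# Added example, not the original author's code. Assumes English-language
# manage-bde output in which each protector name line is followed by its ID line.

function Test-ComputerName {
    param([string]$Name)
    # Letters, digits, dots and hyphens only, so characters such as & | > "
    # never reach the manage-bde command line.
    return $Name -match '^[A-Za-z0-9]([A-Za-z0-9.-]{0,253}[A-Za-z0-9])?$'
}

function Get-RecoveryProtectorId {
    param([string[]]$Lines)
    $previous = ''
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if (-not $text) { continue }
        # Emit an ID only when the line directly above it names the protector type.
        if ($previous -eq 'Numerical Password:' -and
            $text -match '^ID:\s*(\{[0-9A-Fa-f-]{36}\})$') {
            $Matches[1]
        }
        $previous = $text
    }
}

# Constructed sample output (GUIDs and password are made up). The TPM protector
# is listed last, so "last ID wins" parsing would select the wrong one.
$sample = @'
Volume C: [OSDisk]
All Key Protectors

    Numerical Password:
      ID: {11111111-2222-3333-4444-555555555555}
      Password:
        000000-000000-000000-000000-000000-000000-000000-000000

    TPM:
      ID: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
      PCR Validation Profile:
        0, 2, 4, 11
'@ -split "`r?`n"

$computer = 'PC-EXAMPLE-01'   # hypothetical name
if (-not (Test-ComputerName $computer)) { throw "Rejected computer name: $computer" }

$ids = @(Get-RecoveryProtectorId -Lines $sample)
if ($ids.Count -ne 1) { throw "Expected one recovery protector, found $($ids.Count)" }
"Would run: manage-bde -cn $computer -protectors -adbackup c: -id $($ids[0])"
```

To use it against a live machine, pass the captured output of manage-bde -cn with -protectors -get c: as -Lines in place of the sample.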

 

Notes

See this PowerShell script to write to the computer description field in AD.