I created this script to query BitLocker info directly from the computer. I was going down a spreadsheet, so I added the loop to make things faster (I’m using this to audit machines). Note, I did add querying for computer name and IP address. It seems like manage-bde was being temperamental, and only sometimes accepting the name.
Code
@echo off
color 0b
Setlocal EnableDelayedExpansion
Title Return Bitlocker Info
:LOOP
cls
rem enter the name of the computer you want to query
Echo Enter Computer Name:
Set /p PC=
cls
Echo Checking for %PC%...
Echo.
rem check to see if the pc is online
ping %PC% | find "Reply" > nul
if errorlevel 1 (Echo %PC% was not found
ping -n 6 127.0.0.1>nul
) else (Echo Found %PC%
Echo.
Echo.
Echo.
Echo Trying by computer name first...
Echo.
rem return protectors to screen
manage-bde -cn %PC% -protectors -get c:
rem find ip address
for /f "tokens=1,2,3 delims= " %%a in ('ping %PC%') do (
set IP1=%%a
set IP2=%%b
set IP3=%%c
echo !IP3! | find "[" && set IP=!IP3!
set PCIP=!IP:~1,-1!
)
Echo.
Echo.
Echo.
Echo Trying by IP address next...
Echo.
rem return protectors with ip address
manage-bde -cn !PCIP! -protectors -get c:
pause
)
goto :LOOP
Update 11/14/2016
I went ahead and added the Active Directory import. So, not only will the script return the BitLocker info to screen, it will also attempt to import the remote computer’s BitLocker info into AD. The additional parts are in bold.
@echo off
color 0b
Setlocal EnableDelayedExpansion
Title Return Bitlocker Info
:LOOP
cls
rem enter the name of the computer you want to query
Echo Enter Computer Name:
Set /p PC=
cls
Echo Checking for %PC%...
Echo.
rem check to see if the pc is online
ping %PC% | find "Reply" > nul
if errorlevel 1 (Echo %PC% was not found
ping -n 6 127.0.0.1>nul
) else (Echo Found %PC%
Echo.
Echo.
Echo.
Echo Trying by computer name first...
Echo.
rem return protectors to screen
manage-bde -cn %PC% -protectors -get c:
rem find ip address
for /f "tokens=1,2,3 delims= " %%a in ('ping %PC%') do (
set IP1=%%a
set IP2=%%b
set IP3=%%c
echo !IP3! | find "[" && set IP=!IP3!
set PCIP=!IP:~1,-1!
)
Echo.
Echo.
Echo.
Echo Trying by IP address next...
Echo.
rem return protectors with ip address
manage-bde -cn !PCIP! -protectors -get c:
echo.
echo.
Echo Attempting Active Directory Import
for /f "skip=4 tokens=2 delims=:" %%g in ('"manage-bde -cn !PCIP! -protectors -get c:"') do set MyVar=%%g
ping.exe -n 6 127.0.0.1>nul
REM IMPORT BITLOCKER INFO INTO AD
echo.
echo Returned ID is !MyVar!
echo.
\\%computername%\C$\Windows\system32\manage-bde.exe -cn !PCIP! -protectors -adbackup c: -id!MyVar!
pause
)
goto :LOOP
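An added example, not part of the original post: the AD import step above keeps whichever colon-delimited token the `for /f` loop saw last, so the ID it passes to `-adbackup` depends on the order in which manage-bde lists the protectors. This PowerShell version picks the ID that sits directly under `Numerical Password:` instead. The function names, the name-validation pattern and the sample output (English locale, placeholder GUIDs) are assumptions.

```powershell
# Added example (not the post's code). Assumes English manage-bde output.
function Get-RecoveryProtectorId {
    param([string[]]$Lines)
    $section = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s+(?<name>[A-Za-z][A-Za-z ]*):\s*$') {
            # Indented "Name:" line with nothing after the colon: remember it as context
            $section = $Matches['name']
        }
        elseif ($section -eq 'Numerical Password' -and
                $line -match '^\s+ID:\s*(?<id>\{[0-9A-Fa-f-]{36}\})\s*$') {
            $Matches['id']    # emit only IDs listed directly under "Numerical Password:"
        }
    }
}

function Backup-RecoveryProtector {
    param([Parameter(Mandatory)][string]$ComputerName)
    # Assumed naming policy: hostname or IPv4 characters only, so a pasted
    # spreadsheet cell cannot be read as a manage-bde option
    if ($ComputerName -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$') {
        throw "Rejected computer name: '$ComputerName'"
    }
    # Output is captured rather than echoed, so the recovery password stays off screen
    $out = & manage-bde.exe -cn $ComputerName -protectors -get c:
    $ids = @(Get-RecoveryProtectorId -Lines $out)
    if ($ids.Count -eq 0) { throw "No Numerical Password protector found on $ComputerName" }
    foreach ($id in $ids) {
        & manage-bde.exe -cn $ComputerName -protectors -adbackup c: -id $id
    }
}

# Constructed sample output with placeholder GUIDs; the TPM protector is listed last
$sample = @'
Volume C: [OSDisk]
All Key Protectors

    Numerical Password:
      ID: {11111111-2222-3333-4444-555555555555}
      Password:
        000000-000000-000000-000000-000000-000000-000000-000000

    TPM:
      ID: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
'@ -split "`r?`n"

Get-RecoveryProtectorId -Lines $sample
```

On the sample, the parser returns the Numerical Password ID even though the TPM protector's `ID:` line comes last. `Backup-RecoveryProtector` is defined but not called here, since it needs a reachable BitLocker-enabled machine.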
Notes
See this PowerShell script to write to the computer description field in AD.