Due to the recent discovery of a flaw in the hardware encryption functions of some SSDs, it's a good idea to check which encryption method is used on your disk.
I built a script that checks the disk's encryption status and returns which method is in use and whether it is a good or a bad one.
The initial seed for this script started in the Swedish SCUG Facebook group, where two fellows, Jörgen Nilsson and Mattias Borg, posted a test script for checking the encryption method used. I took that seed and built it into something more in line with what I needed, so all credit to them for putting out the first seed of this.
To read more about the issue you can go to this article.
CheckBitlockerEncryption.ps1
The script can be run on a single computer, either locally or via Enter-PSSession, but works best when used in SCCM via the built-in Script function.

    # Script to check Bitlocker encryption status
    # It will return if it is ok or not and which method is used to encrypt the disk.
    #
    # Version: 1.0

    # Get the operating system volume, this is the most important one.
    $BitlockerVolume = Get-BitLockerVolume |
        Select-Object EncryptionMethod, MountPoint, VolumeType, ProtectionStatus |
        Where-Object { $_.VolumeType -eq "OperatingSystem" }

    # Encryption methods that are classified as ok.
    $EncOk = @( 'Aes128Diffuser', 'Aes256Diffuser', 'Aes128', 'Aes256', 'XtsAes128', 'XtsAes256' )

    # Encryption methods that are classified as bad.
    # 'HardwareEncryption' is added here as the name Get-BitLockerVolume is expected to
    # report for hardware-encrypted volumes (verify on an affected machine);
    # 'Hardware' is kept from the original list.
    $EncBad = @( 'None', 'Hardware', 'HardwareEncryption' )

    # Cast to string so a missing volume ($null) compares cleanly against "".
    $Method = [string]$BitlockerVolume.EncryptionMethod

    # Compare the returned encryption method and output the status.
    if ( $EncOk -contains $Method ) {
        Write-Output "Ok - $Method"
    }
    elseif ( $EncBad -contains $Method ) {
        Write-Output "Error - $Method"
    }
    elseif ( $Method -ne "" ) {
        Write-Output "Unknown - $Method"
    }
    else {
        Write-Output "Unknown"
    }
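The same classification applied to every volume instead of only the operating system volume, and with ProtectionStatus taken into account, as an added example that is not part of the original script. It goes beyond the script above in those two respects; the function name Get-VolumeVerdict, the 'Warning' status and the sample rows are hypothetical and constructed for illustration.

```powershell
# Added example, not the author's script.
# Get-VolumeVerdict is a hypothetical helper; the sample rows below are constructed.
function Get-VolumeVerdict {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume
    )
    begin {
        # Same software methods the script above classifies as ok.
        $EncOk = 'Aes128Diffuser', 'Aes256Diffuser', 'Aes128', 'Aes256', 'XtsAes128', 'XtsAes256'
    }
    process {
        # Cast to string so enum values and plain strings are handled alike.
        $method = [string]$Volume.EncryptionMethod
        $status = [string]$Volume.ProtectionStatus

        $verdict = if ($EncOk -contains $method -and $status -eq 'On') {
            'Ok'
        }
        elseif ($EncOk -contains $method) {
            # Software encryption is configured, but protection is not active.
            'Warning'
        }
        elseif ($method -eq 'None' -or $method -like 'Hardware*') {
            # Unencrypted, or relying on the drive's own encryption.
            'Error'
        }
        else {
            'Unknown'
        }

        # One line per volume, which is easy to aggregate in SCCM script results.
        '{0} - {1} {2} {3} (protection {4})' -f $verdict, $Volume.MountPoint, $Volume.VolumeType, $method, $status
    }
}

# Constructed sample input so the example runs without BitLocker or admin rights.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeType = 'OperatingSystem'; EncryptionMethod = 'XtsAes256'; ProtectionStatus = 'On' }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeType = 'Data'; EncryptionMethod = 'Hardware'; ProtectionStatus = 'On' }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeType = 'Data'; EncryptionMethod = 'Aes128'; ProtectionStatus = 'Off' }
    [pscustomobject]@{ MountPoint = 'F:'; VolumeType = 'Data'; EncryptionMethod = 'None'; ProtectionStatus = 'Off' }
)
$sample | Get-VolumeVerdict
```

On a real machine, replace the last line with `Get-BitLockerVolume | Get-VolumeVerdict` in an elevated session.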
Disclaimer
As always, these scripts are released AS-IS; usage of these scripts is at your own risk. I cannot guarantee functionality outside my environment.