Bitlocker Encryption Status

Due to recent discovery of a flaw in some SSD hardware encryption functions it’s a good thing to check what encryption method used on your disk.

I built a script that checks the disks encryption status and it returns a status on what method it is and if it is a god or bad one.

The initial seed to this script started in the Swedish SCUG Facebook group, where two fellows, Jörgen Nilsson and Mattias Borg posted a test script for checking the encryption method used. I took that seed and built it to something more in the line of what i needed, so all credits to them for putting out the first seed of this.

To read more about the issue you can go to this article.


The script can be run on a single computer either locally or via Enter-PSSession, but works best when used in SCCM via the built in Script function.

# Script to check Bitlocker encryption status
# It will return if it is ok or not and which method that is used to encrypt the disk.
# Version: 1.0

# Get the operatingsystem volume, this is the most important one.
$BitlockerVolume = Get-BitLockerVolume | select encryptionmethod,mountpoint,VolumeType,ProtectionStatus |? { $_.VolumeType -eq "OperatingSystem" }

# Setting which encryption methods that is classified as ok.
$EncOk = @(

# Setting which encryption methods that is classified as bad.
$EncBad = @(

# Compares returned encryption method and outputs status
if ( $EncOk -contains $BitlockerVolume.EncryptionMethod ) {
Write-Output "Ok - $($BitlockerVolume.EncryptionMethod)"
elseif ( $EncBad -contains $BitlockerVolume.EncryptionMethod ) {
Write-Output "Error - $($BitlockerVolume.EncryptionMethod)"
elseif ( $EncBad -notcontains $BitlockerVolume.EncryptionMethod ) {
if ( $BitlockerVolume.EncryptionMethod -ne "" ) {
Write-Output "Unknown - $($BitlockerVolume.EncryptionMethod)"}
else {
Write-Output "Unknown"}



As always these scripts are released AS-IS, usage of these script are at your on risk, i cannot guarantee functionality outside my environment.

Leave a Reply

Your email address will not be published. Required fields are marked *