<#
.SYNOPSIS
    Audit BitLocker status on domain-joined Windows endpoints.
.DESCRIPTION
    This script queries Active Directory for all computers, connects to each via
    PowerShell remoting, and checks whether BitLocker is enabled on the C: drive.
    Results are exported to Excel.
.NOTES
    Requires:
    - Administrator privileges
    - WinRM enabled on endpoints
    - ActiveDirectory module
    - ImportExcel module
#>

Import-Module ActiveDirectory
Import-Module ImportExcel

$results = @()

# Every computer object in the domain, by name.
$computers = Get-ADComputer -Filter * | Select-Object -ExpandProperty Name

foreach ($computer in $computers) {
    try {
        # Runs on the remote endpoint over WinRM; -ErrorAction Stop sends failures to catch.
        $status = Invoke-Command -ComputerName $computer -ScriptBlock {
            (Get-BitLockerVolume -MountPoint "C:").ProtectionStatus
        } -ErrorAction Stop

        # ProtectionStatus: 1 = On, 0 = Off. Any other value is reported as OFF.
        $bitlockerStatus = if ($status -eq 1) { "ON" } else { "OFF" }

        $results += [PSCustomObject]@{
            ComputerName    = $computer
            BitLockerStatus = $bitlockerStatus
            Reachable       = "Yes"
        }
    }
    catch {
        # Any failure lands here (host offline, WinRM blocked, access denied, or the
        # BitLocker query itself failing), so "No" means the check did not complete.
        $results += [PSCustomObject]@{
            ComputerName    = $computer
            BitLockerStatus = "Unknown"
            Reachable       = "No"
        }
    }
}

# The C:\Temp folder must already exist on the machine running the audit.
$path = "C:\Temp\BitLocker_Report.xlsx"
$results | Export-Excel -Path $path -AutoSize -BoldTopRow -WorksheetName "BitLocker Status"

Write-Host "BitLocker audit complete. Report saved to $path"