BitLocker Utilities - Audit and Encrypt your C drive and Removable Drives

Sidney Sahdala (Miami, FL; Member, Kaseya Certified, Kaseyan, Kaseya Staff)

edited June 9 in Solutions

Version: 1.1

Description:

This set contains six Agent Procedures: one to get BitLocker information from the C drive, two to encrypt the C drive, one to encrypt external drives, one to suspend BitLocker for one reboot, and one to decrypt the C drive.

1. Audit - BitLocker Detailed Information

2. Action - Suspend BitLocker Protection

3. Config - Disable BitLocker C Drive

4. Config - Enable BitLocker C Drive (AES256, TPM, Recovery Password, skip Hardware Test)

5. Config - Enable BitLocker C Drive (AES256, TPM, Recovery Password, with Hardware Test)

6. Config - Enable BitLocker on External Drive (AES256, No TPM, Recovery Password only)

Instructions:

Step 1: Create the Custom Fields

The first step (before you import the Agent Procedures) is to create the Custom Fields.

You will create seven Custom Fields of type String. The Custom Fields must be named exactly as listed below:

1. TPM Status

2. BitLocker Protection Status

3. BitLocker Key Protector

4. BitLocker Encryption Method

5. BitLocker Recovery Key

6. BitLocker Volume Status

7. BitLocker Encryption Percentage

To create the Custom Fields, go to VSA > Audit > View Individual Data > Machine Summary.

Next, click on the New Custom Field button, enter the Custom Field Name, select Type String, then press Save.

Your Custom Fields will appear on the bottom of the Summary tab.
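As an added example (not code from the procedure set, whose XML is only in the zip), here is a PowerShell routine that produces the seven values listed above from the BitLocker and TPM cmdlets, so the field contents can be checked by hand on one endpoint before trusting the audit. It assumes the Get-BitLockerVolume and Get-Tpm cmdlets are available and that it runs elevated; the function name is mine, and the write-back into the VSA custom fields is left to the Agent Procedure.

```powershell
# Added example: collect the seven values the custom fields above hold.
# Assumes the BitLocker and TrustedPlatformModule modules (Get-BitLockerVolume,
# Get-Tpm) are present and the session is elevated. Field names match the list
# above; writing them into VSA is the Agent Procedure's job, not shown here.
#Requires -RunAsAdministrator

function Get-BitLockerAuditFields {
    [CmdletBinding()]
    param(
        [string]$MountPoint = 'C:'
    )

    # TPM Status: Get-Tpm throws on machines with no TPM driver at all,
    # so report that instead of failing the whole audit.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        if (-not $tpm.TpmPresent) { $tpmStatus = 'Not present' }
        elseif ($tpm.TpmReady)    { $tpmStatus = 'Present and ready' }
        else                      { $tpmStatus = 'Present, not ready' }
    } catch {
        $tpmStatus = 'Unavailable: ' + $_.Exception.Message
    }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Key protector types, e.g. "Tpm, RecoveryPassword". An encrypted volume with
    # no protectors is the "encrypted but no key" state reported in the comments
    # on this post: the data is encrypted, but nothing actually protects it.
    $protectorTypes = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() }) -join ', '
    if (-not $protectorTypes) { $protectorTypes = 'None' }

    # All 48-digit recovery passwords, joined; a volume can carry more than one
    # RecoveryPassword protector, so do not silently keep only the first one.
    $recoveryKeys = ($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        ForEach-Object { $_.RecoveryPassword }) -join '; '
    if (-not $recoveryKeys) { $recoveryKeys = 'None' }

    [ordered]@{
        'TPM Status'                      = $tpmStatus
        'BitLocker Protection Status'     = $vol.ProtectionStatus.ToString()  # On / Off
        'BitLocker Key Protector'         = $protectorTypes
        'BitLocker Encryption Method'     = $vol.EncryptionMethod.ToString()  # e.g. XtsAes256, XtsAes128, None
        'BitLocker Recovery Key'          = $recoveryKeys
        'BitLocker Volume Status'         = $vol.VolumeStatus.ToString()      # FullyDecrypted, EncryptionInProgress, FullyEncrypted, ...
        'BitLocker Encryption Percentage' = [string]$vol.EncryptionPercentage
    }
}

# Print the fields one per line, the way they would be written into VSA.
$fields = Get-BitLockerAuditFields -MountPoint 'C:'
foreach ($entry in $fields.GetEnumerator()) {
    '{0}: {1}' -f $entry.Key, $entry.Value
}
```

Run it on a machine you expect to be fully protected and compare the output with what the Audit procedure wrote into the custom fields; a Protection Status of Off with a Volume Status of FullyEncrypted is the combination worth investigating, not a success.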

Step 2: Import the Agent Procedures

1. Extract the XML file from the zip you downloaded from the Automation Exchange.

2. Go to VSA > System > Server Management > Import Center, then press the New Import button. (You must use the Import Center to import this.)

3. Give it a name such as BitLocker Utilities. This is just for your reference and is not used anywhere in VSA.

4. Next, click on the Browse button, then navigate to and select the XML file you extracted.

5. Click on the Process button.

6. The Process button will change to Save. Click on the Save button.

7. After it imports, you will see it listed on the screen.

Your new Agent Procedures should now appear in VSA > Agent Procedures > Schedule / Create in the Shared Folders under Import Center.

Detailed documentation is included in the zip file; please read it and note the warnings.

As with all Agent Procedures, please test this out on a couple of endpoints and understand how it works before applying it to a lot of production machines.

WARNING:

I have seen this inform the end-user via a pop-up toast that their drive is being encrypted. You may want to warn your end-users that you are doing this; otherwise you may get panicked calls with the end-user thinking they got hit by a virus that is encrypting the drive.

Finally, I wanted to thank Markus Malina for his advice and for helping me test and improve some of the Agent Procedures in this set.


Comments

  • mkmina (Orange County, CA; Member, Managed Service Provider)

    Hello,

    This procedure is amazing. I noticed when I ran the "Config - Enable BitLocker C Drive (AES256, TPM, Recovery Password, with Hardware Test)" on a couple of machines it is not using the 256 encryption method, it is using XtsAes128.

    Is there a way to fix this? Do I need to reboot the machine?

    Please advise. Thank you.

  • peterlauj (Canton, GA; Member, IT Pro)

    After I import the procedure I am not seeing this in the specified area per the documentation. Any ideas?

  • Paul Avolio (Member)

    Hmm, this seems to be setting up BitLocker and creating a recovery key, but the protection status still shows as off and the drive went instantly to 100%. As mkmina pointed out the method is showing as "XTS-AES 128".

  • Paul Avolio (Member)

    I had the same issue as mkmina pointed out with the drive showing as "XTS-AES 128". I think this is related to how the drive ships from the factory (in my case new Dell computers). The drive shows as encrypted, but there is no key. You have to run the BitLocker Disable procedure first, let it finish, then run the BitLocker Enable procedure. It will then pull a key and show as "Aes256".
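The state Paul describes (the volume reports as encrypted with XTS-AES 128, protection is off, and there is no key) is worth detecting before the Enable procedure runs rather than discovering it afterwards in the audit fields. The following PowerShell is an added example, not the procedure's own logic: it classifies the volume first and only calls Enable-BitLocker when the requested cipher can actually be applied, then reports the method the volume really ended up with. Function names and the XtsAes256 choice are assumptions (the procedure's exact encryption parameter is not shown on this page); it assumes the BitLocker and TPM cmdlets and an elevated session.

```powershell
# Added example (not part of the procedure set): decide whether Enable-BitLocker
# can deliver the requested configuration before running it. Assumes the
# BitLocker module, Get-Tpm, and an elevated session. XtsAes256 is my choice
# here; the procedure's actual parameter is not shown on the page.
#Requires -RunAsAdministrator

function Test-BitLockerEnableReadiness {
    [CmdletBinding()]
    param(
        [string]$MountPoint   = 'C:',
        [string]$WantedMethod = 'XtsAes256'
    )
    $vol        = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $tpm        = Get-Tpm -ErrorAction Stop
    $protectors = @($vol.KeyProtector)

    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        return 'TpmNotReady: a TPM protector cannot be added; fix the TPM first.'
    }
    if ($vol.VolumeStatus -like '*InProgress') {
        return ('Busy: volume is {0} ({1}%); wait before changing anything.' -f $vol.VolumeStatus, $vol.EncryptionPercentage)
    }
    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        return 'Ready: volume is decrypted; Enable-BitLocker will use the requested method.'
    }
    # Already encrypted with a different cipher. Enable-BitLocker does not
    # re-encrypt an encrypted volume, so the cipher cannot be changed in place;
    # the volume has to be decrypted and encrypted again, which is what running
    # the Disable procedure and then the Enable procedure does.
    if ($vol.EncryptionMethod -ne $WantedMethod) {
        if ($protectors.Count -eq 0) {
            # The state from the comments: encrypted (often XtsAes128), protection
            # Off, no key protectors at all.
            return ('EncryptedWithoutProtectors: {0} with {1}; run Disable-BitLocker, wait for FullyDecrypted, then enable again.' -f $vol.VolumeStatus, $vol.EncryptionMethod)
        }
        return ('MethodMismatch: protected with {0}, wanted {1}; changing it needs a decrypt/re-encrypt cycle.' -f $vol.EncryptionMethod, $WantedMethod)
    }
    if ($protectors.Count -eq 0) {
        return 'NoProtectors: method already matches; add TPM and recovery password protectors.'
    }
    return ('AlreadyEnabled: {0} with protectors {1}.' -f $vol.EncryptionMethod, (($protectors.KeyProtectorType) -join ','))
}

function Enable-BitLockerSystemDrive {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$MountPoint = 'C:')

    $readiness = Test-BitLockerEnableReadiness -MountPoint $MountPoint
    if ($readiness -notlike 'Ready:*') {
        Write-Warning $readiness
        return $readiness
    }
    if ($PSCmdlet.ShouldProcess($MountPoint, 'Enable BitLocker (XtsAes256, TPM, recovery password, skip hardware test)')) {
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 -TpmProtector -SkipHardwareTest | Out-Null
        # Add the recovery password now, before the first reboot, so a key exists
        # for the audit to collect and for escrow.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    }
    # Verify rather than assume: report what the volume actually reports now.
    $after = Get-BitLockerVolume -MountPoint $MountPoint
    return ('Enabled: method={0} protectors={1}' -f $after.EncryptionMethod, (($after.KeyProtector.KeyProtectorType) -join ','))
}

# Dry run first; drop -WhatIf once the readiness message reads "Ready:".
Enable-BitLockerSystemDrive -MountPoint 'C:' -WhatIf
```

The readiness string is deliberately the function's return value rather than just a warning, so an Agent Procedure wrapper can write it into a custom field and the XtsAes128 machines show up as "EncryptedWithoutProtectors" before anyone schedules the Enable step on them.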

  • Felix Haas (Member)

    In some cases, the Recovery Key seems to be wrong:

    (Get-BitLockerVolume -MountPoint 'C').KeyProtector.recoverypassword gives me 2 keys:

    The first one is saved in custom fields.

    The second one is printed / saved via ms-settings: (which, I guess, should be the valid one).

    BitLocker was once activated on the machine, but was deactivated and fully decrypted before using the procedure.

  • Sidney Sahdala (Miami, FL; Member, Kaseya Certified, Kaseyan, Kaseya Staff)

    @Felix Haas I've seen this a couple times and the Agent Procedure can't pull more than one key and there should only be one key. If you decrypt the drive (using the included Agent Procedure) then encrypt it again, it should be good. I really don't know why a drive would have more than one key but it does happen. I have to figure out some logic to somehow document it.
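Since the Agent Procedure records only one key and a volume can carry more than one RecoveryPassword protector, here is an added example (not part of the set, and not Sidney's or Felix's code) of the kind of logic mentioned above: it lists every recovery password with its protector ID, builds a field value that keeps all of them, and compares whatever was stored earlier with what is on the volume now. It assumes the BitLocker module, an elevated session, and that the previously stored custom-field value is passed in; the function names and the BITLOCKER_STORED_KEY environment variable used in the usage line are placeholders of mine.

```powershell
# Added example (not part of the procedure set): handle a volume with more than
# one RecoveryPassword protector. Assumes the BitLocker module and an elevated
# session. $StoredValue is whatever was last written to the
# "BitLocker Recovery Key" custom field (one or more passwords joined by '; ').
#Requires -RunAsAdministrator

function Get-RecoveryPasswordInventory {
    param([string]$MountPoint = 'C:')
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    # One object per protector. The ID is what Settings and escrow records show
    # next to the password, so keep it with the value rather than the bare key.
    $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        ForEach-Object {
            [pscustomobject]@{
                Id       = $_.KeyProtectorId   # GUID in braces
                Password = $_.RecoveryPassword # 48 digits, 8 groups of 6
            }
        }
}

function Compare-StoredRecoveryKey {
    param(
        [string]$MountPoint = 'C:',
        [string]$StoredValue  # previous custom-field contents; may be empty or 'None'
    )
    $current = @(Get-RecoveryPasswordInventory -MountPoint $MountPoint)
    # Normalise the stored field: split on ';', keep only well-formed passwords.
    $stored = @($StoredValue -split ';' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^\d{6}(-\d{6}){7}$' })

    $report = [ordered]@{
        ProtectorCount = $current.Count
        StoredCount    = $stored.Count
        # On the volume but never recorded: the audit would miss these.
        Missing        = @($current | Where-Object { $stored -notcontains $_.Password } | ForEach-Object { $_.Id })
        # Recorded but no longer on the volume: the stored key would not unlock it.
        Stale          = @($stored | Where-Object { $current.Password -notcontains $_ })
        # Value to write back: every password, tagged with its protector ID.
        FieldValue     = ($current | ForEach-Object { '{0}={1}' -f $_.Id, $_.Password }) -join '; '
    }
    if ($current.Count -gt 1) {
        # More than one valid password: record all of them instead of guessing
        # which is "the" key, and flag it for review before anything is removed.
        $report['Action'] = 'Multiple recovery passwords present; record all and review which should remain.'
    } elseif ($current.Count -eq 0) {
        $report['Action'] = 'No recovery password protector on the volume.'
    } elseif ($report.Missing.Count -gt 0 -or $report.Stale.Count -gt 0) {
        $report['Action'] = 'Stored key does not match the volume; update the custom field.'
    } else {
        $report['Action'] = 'In sync.'
    }
    [pscustomobject]$report
}

# Usage: pass in the value currently held in the custom field (placeholder
# environment variable here; an Agent Procedure would supply it directly).
Compare-StoredRecoveryKey -MountPoint 'C:' -StoredValue $env:BITLOCKER_STORED_KEY | Format-List
```

The "Stale" case is the one that matters for recovery: a key that was recorded before a decrypt/re-encrypt cycle is still a valid-looking 48-digit string but no longer unlocks anything, so a mismatch here should trigger a re-audit rather than be trusted.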