that script checks for encryption while in WinPE, all those checks are done before the HTA displays (in WinPE) so go ahead and test it in WinPE by running the script in a command prompt
On Tue, May 14, 2013 at 6:17 PM, Burke, John <[email protected]>wrote: > ** > That is probably exactly what happened. > > So currently my zero touch has access to the system outside of winpe - so > it's easy to tell if the mcafee endpoint encryption software is installed. > > > Any suggestions as to how i would detect this from pxe to begin with? I > kknow it has to be done way earlly or everythign will crap out soon as it > has to touch the c drive. > > Nail suggested the new cf12 hta as it has some scripts to detect > encryption with bitlocker. > > I "think" its via the "isvolumnencrpted.wsf" script. which looks like it > relies on wmi. > > ****** > <job id="IsEncrypted"> > <script language="VBScript" src="..\ZTIUtility.vbs"/> > <script language="VBScript"> > > Dim oTSProgressUI > set oTSProgressUI = CreateObject("Microsoft.SMS.TSProgressUI") > oTSProgressUI.CloseProgressDialog() > > > strComputer = "." > Set objWMIService = GetObject("winmgmts:\\" & strComputer & > "\root\CIMV2\Security\MicrosoftVolumeEncryption") > Set colItems = objWMIService.ExecQuery( _ > "SELECT * FROM Win32_EncryptableVolume",,48) > For Each objItem in colItems > x=objItem.ProtectionStatus > > > Next > > Dim oShell > Set oShell = CreateObject("WScript.Shell") > > oEnvironment.Item("Drive_Protected") = False > > retCode = x > > msgbox "0=Protection OFF" & vbCrLf & "1= Protection ON" & vbCrLf & > "2=Protection Unknown" & vbCrLf & vbCrLf & "Protection Status Return > code is:" & retcode,0, "Checking If Volume is Encrypted" > > If(retCode = 2) OR (retCode = 1) Then > oEnvironment.Item("Drive_Protected") = True > End If > > WScript.Quit(0) > </script> > </job> > **** > > BUT this must be getting called in the OS. I need something that can be > called in winpe. Or maybe I should simply just call something and let the > tech decide if it's encrypted? > > ------------------------------ > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Michael Niehaus > *Sent:* Monday, May 13, 2013 11:34 PM > *To:* [email protected] > *Subject:* [MDT-OSD] RE: OSD - TS - Question - Can you use a registry > check condition whilst in winpe or do you have to use some other kind? > > Well, you could probably include registry checks but they would be > checking the Windows PE registry, not the old OS registry, so I doubt that > would do you much good J**** > > ** ** > > Thanks,**** > > -Michael**** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Burke, John > *Sent:* Monday, May 13, 2013 6:05 PM > *To:* [email protected] > *Subject:* [MDT-OSD] OSD - TS - Question - Can you use a registry check > condition whilst in winpe or do you have to use some other kind?**** > > ** ** > > I'm guessing hte answer is yes, but i'm just doing a sanity check since I > couldn't find anything on line about it.**** > > **** > > When doing zero touch i have a few variables set based on registry keys > existing in wow6432node and software node. **** > > **** > > they skipped right past them when the same check was tried in winpe. **** > > **** > > Wondering what checks I can use. File system and wmi checks only?**** > >
