That particular WMI class contains the “GetEncryptionMethod” method, which will return 
a value representing the encryption method according to the list of values on 
https://msdn.microsoft.com/en-us/library/windows/desktop/aa376434(v=vs.85).aspx.

Use the instance in calling the method and that will give you the information 
that you’re looking for.  For example…


PS C:\WINDOWS\system32> $drive = Get-WmiObject -Namespace root\cimv2\Security\MicrosoftVolumeEncryption -Class Win32_EncryptableVolume | WHERE {$_.DriveLetter -eq "C:"}

PS C:\WINDOWS\system32> $drive.GetEncryptionMethod()


__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     :
__DYNASTY        : __PARAMETERS
__RELPATH        :
__PROPERTY_COUNT : 2
__DERIVATION     : {}
__SERVER         :
__NAMESPACE      :
__PATH           :
EncryptionMethod : 1
ReturnValue      : 0
PSComputerName   :




PS C:\WINDOWS\system32>


[EncryptionMethod : 1] defines that the volume is encrypted using AES 128.

Thanks,
Charles Lindsay II
Network Analyst

Florida Department of Transportation,
Enterprise Services - Technology Services and Support Office
11201 N. McKinley Drive, Tampa, FL 33612

From: [email protected] [mailto:[email protected]] On 
Behalf Of Steve Whitcher
Sent: Friday, March 06, 2015 1:01 PM
To: [email protected]
Subject: [mssms] Compliance setting for Bitlocker Encryption Method

I have a compliance setting configured to check whether the C drive on our 
laptops is BitLocker encrypted, based on a WQL query of Win32_EncryptableVolume 
in the root\cimv2\security\MicrosoftVolumeEncryption namespace.  I'd like to be 
able to add a check for the Encryption Method as well (should be AES 256), but 
that WMI object doesn't seem to include this info.


Anyone know how I could create a compliance setting to check the encryption 
method?
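
The method call from the reply above, wrapped as a discovery script that emits a single string a script-based compliance setting could compare against "Compliant". This is an added example, not code from either poster; the function name, variable names and result strings are hypothetical, and the method codes are taken from Microsoft's documentation for GetEncryptionMethod and should be checked against the list linked in the reply.

```powershell
# Added example: discovery script for a script-based compliance setting.
# Emits one string; the compliance rule would compare it to "Compliant".

# Assumption: codes as documented by Microsoft for
# Win32_EncryptableVolume.GetEncryptionMethod; verify against the linked list.
$MethodNames = @{
    0 = 'None'
    1 = 'AES 128 with diffuser'
    2 = 'AES 256 with diffuser'
    3 = 'AES 128'
    4 = 'AES 256'
    5 = 'Hardware encryption'
    6 = 'XTS-AES 128'
    7 = 'XTS-AES 256'
}

$DriveLetter     = 'C:'   # volume to check
$AcceptedMethods = @(4)   # assumption: policy requires plain AES 256;
                          # add 2 or 7 if those 256-bit variants are acceptable

function Get-EncryptionMethodStatus {
    param([string]$DriveLetter, [int[]]$AcceptedMethods)

    try {
        $volume = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
            -Class Win32_EncryptableVolume -Filter "DriveLetter = '$DriveLetter'" -ErrorAction Stop
    } catch {
        # Namespace missing or access denied: report it rather than passing silently.
        return "Error: cannot query Win32_EncryptableVolume ($($_.Exception.Message))"
    }
    if (-not $volume) { return "Error: no encryptable volume $DriveLetter" }

    $result = $volume.GetEncryptionMethod()
    # The method reports success through ReturnValue, not through an exception.
    if ($result.ReturnValue -ne 0) {
        return "Error: GetEncryptionMethod returned $($result.ReturnValue)"
    }

    $code = [int]$result.EncryptionMethod
    if ($AcceptedMethods -contains $code) { return 'Compliant' }

    $name = if ($MethodNames.ContainsKey($code)) { $MethodNames[$code] } else { 'unknown' }
    return "NonCompliant: method $code ($name)"
}

Get-EncryptionMethodStatus -DriveLetter $DriveLetter -AcceptedMethods $AcceptedMethods
```

An unencrypted volume reports method 0, so it comes back as NonCompliant rather than as an error.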

