Thanks Charles. I came across that method after posting, but if I understand correctly there is no way to invoke a method from a WQL query. I think I can set the compliance setting up to run a script though, instead of a WQL query, so that might be the way to get what I need.
On Fri, Mar 6, 2015 at 12:19 PM, Lindsay, Charles < [email protected]> wrote: > That particular WMI class contains the “GetEncryptionMethod” which will > return a value representing the encryption method according to the list of > values on > https://msdn.microsoft.com/en-us/library/windows/desktop/aa376434(v=vs.85).aspx > . > > > > Use the instance in calling the method and that will give you the > information that you’re looking for. For example… > > > > > > PS C:\WINDOWS\system32> $drive = Get-WmiObject -Namespace > root\cimv2\Security\MicrosoftVolumeEncryption -Class > Win32_EncryptableVolume | WHERE {$_.DriveLetter -eq "C:"} > > > > PS C:\WINDOWS\system32> $drive.GetEncryptionMethod() > > > > > > __GENUS : 2 > > __CLASS : __PARAMETERS > > __SUPERCLASS : > > __DYNASTY : __PARAMETERS > > __RELPATH : > > __PROPERTY_COUNT : 2 > > __DERIVATION : {} > > __SERVER : > > __NAMESPACE : > > __PATH : > > EncryptionMethod : 1 > > ReturnValue : 0 > > PSComputerName : > > > > > > > > > > PS C:\WINDOWS\system32> > > > > > > [EncryptionMethod : 1] defines that the volume is encrypted using AES 128. > > > > Thanks, > > Charles Lindsay II > > *Network Analyst* > > *Florida Department of Transportation, * > > *Enterprise Services - Technology Services and Support Office* > > *11201 N. McKinley Drive, Tampa, FL 33612* > *Ph*: (813) 975-6299 *Email*: [email protected] > > *Enterprise Services: *CO-TSSO ECAS Enterprise Services > <[email protected]> > > How am I doing? Please contact my supervisor Connie Kindberg at > [email protected] with any feedback. > > Computer problem? Contact the Service Desk @ 1-866-955-4357 or email > [email protected] for service. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Steve Whitcher > *Sent:* Friday, March 06, 2015 1:01 PM > *To:* [email protected] > *Subject:* [mssms] Compliance setting for Bitlocker Encryption Method > > > > I have a compliance settings configured to check whether the C drive on > our laptops is bitlocker encrypted, based on a WQL query of > Win32_EncryptableVolume in the > root\cimv2\security\MicrosoftVolumeEncryption namespace. I'd like to be > able to add a check for the Encryption Method as well (should be AES 256), > but that wmi object doesn't seem to include this info. > > > > > > Anyone know how I could create a compliance setting to check the > encryption method? > > > >
