I did what Joseph is suggesting and then just built a custom report showing the information returned by the baseline evaluation. Our implementation is just focused on just the C:\ drive (and actually includes additional information), but the goal of including all internal drives can be accomplished too. It didn't take long to write the PowerShell script and create the configuration item, but building the custom report that we use took a little more time.
Example:

| Model | Last Policy Request | Configuration Item | Reported Value | Last Message Received |
|---|---|---|---|---|
| OptiPlex 990 | 12/1/2015 2:53:26 PM | Hard Drive Encryption | Non-Compliant - Encryption in progress | 12/1/2015 6:20:32 AM |
| | | TPM Activated | Compliant | 12/1/2015 6:20:37 AM |
| | | TPM Enabled | Compliant | 12/1/2015 6:20:34 AM |
| | | TPM Ownership | Compliant | 12/1/2015 6:20:40 AM |

Thanks,

Charles Lindsay II
Configuration & Patch Management
Network Administrator III
Florida Department of Transportation
Central Office - Office of Information Technology
605 Suwannee Street, Tallahassee, FL 32399
Ph: (850) 414-4232
Email: [email protected]

From: [email protected] On Behalf Of Joseph Rose
Sent: Tuesday, December 1, 2015 3:20 PM
To: [email protected]
Subject: RE: [mssms] Reporting help - Bitlocker with multi disk

You could create a configuration item based on WMI root\cimv2\Security\MicrosoftVolumeEncryption Win32_EncryptableVolume; base it on the drive letter and ProtectionStatus.

________________________________
From: [email protected]
To: [email protected]
Subject: [mssms] Reporting help - Bitlocker with multi disk
Date: Tue, 1 Dec 2015 20:05:31 +0000

I'm trying to tweak a report and I've hit a snag....

I've "enhanced" the "Hardware 01A - Summary of computers in a specific collection" report to meet some specific needs for my environment. Our policy is that all mobile systems must have BitLocker enabled. Reporting on that part is easy, except when a system has multiple volumes I get multiple rows with almost all redundant data, except for the protection status. Ideally what I am trying to do is if a system has multiple volumes, one of which is not encrypted, that the report would return a 0 for that row since according to our policy, that system is not encrypted. Does that make sense? It sounds fine in my own head but when I type it out it gets pretty mangled...
So if I have a condition with a 0 and a 1, report back 0.

Sorry for the pathetic wording,
Dewayne
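The approach suggested in the thread (a configuration item script over Win32_EncryptableVolume, keyed on drive letter and ProtectionStatus) combined with the "a 0 and a 1 reports 0" rule from the original question, as an added example that is not code from any poster in this thread. The function name, the constructed sample objects, and the use of Win32_LogicalDisk with DriveType 3 to select internal drives are assumptions.

```powershell
# Added example (not from the thread). Only the WMI namespace, class,
# DriveLetter and ProtectionStatus come from the thread; the rest is assumed.

function Get-AggregateProtectionStatus {
    # Returns 1 only when every supplied volume reports ProtectionStatus 1.
    # Any other status (0 = off, 2 = unknown) or an empty set returns 0,
    # so one unencrypted volume marks the whole machine as not encrypted.
    param([object[]]$Volumes)

    $all = @($Volumes)
    if ($all.Count -eq 0) { return 0 }
    $unprotected = @($all | Where-Object { $_.ProtectionStatus -ne 1 })
    if ($unprotected.Count -gt 0) { return 0 } else { return 1 }
}

# Constructed sample input: C: is protected, D: is not.
$sample = @(
    [pscustomobject]@{ DriveLetter = 'C:'; ProtectionStatus = 1 },
    [pscustomobject]@{ DriveLetter = 'D:'; ProtectionStatus = 0 }
)
"Sample machine: $(Get-AggregateProtectionStatus -Volumes $sample)"

# Live discovery, as a configuration item script would run it (needs
# administrative rights to read the BitLocker WMI namespace).
try {
    # Assumption: DriveType 3 (local disk) stands in for "internal drives".
    $fixed = @(Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' -ErrorAction Stop |
        Select-Object -ExpandProperty DeviceID)

    $status = @{}
    Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
        -ClassName Win32_EncryptableVolume -ErrorAction Stop |
        Where-Object { $_.DriveLetter } |
        ForEach-Object { $status[$_.DriveLetter] = $_.ProtectionStatus }

    # A fixed disk with no matching encryptable volume counts as unprotected.
    $volumes = foreach ($letter in $fixed) {
        [pscustomobject]@{
            DriveLetter      = $letter
            ProtectionStatus = if ($status.ContainsKey($letter)) { $status[$letter] } else { 0 }
        }
    }
    Get-AggregateProtectionStatus -Volumes $volumes
}
catch {
    # Namespace missing or query failed: report non-compliant, not an error.
    0
}
```

With this as the discovery script, the compliance rule compares the single returned value against 1, which gives one row per machine in a report instead of one row per volume.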
