Wow, that's a sexy report. Do you have a blog post about it? On Tue, Dec 1, 2015, 3:56 PM Hyatt, Dewayne <[email protected]> wrote:
> Thanks guys! I’ll do some homework on this method. > > > > Dewayne > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Lindsay, Charles > *Sent:* Tuesday, December 1, 2015 3:48 PM > > > *To:* [email protected] > *Subject:* RE: [mssms] Reporting help - Bitlocker with multi disk > > > > I did what Joseph is suggesting and then just built a custom report > showing the information returned by the baseline evaluation. Our > implementation is just focused on just the C:\ drive (and actually includes > additional information), but the goal of including all internal drives can > be accomplished too. It didn’t take long to write the PowerShell script > and create the configuration item, but building the custom report that we > use took a little more time. > > > > Example: > > > > *Model* > > *Last Policy Request* > > *Configuration Item* > > *Reported Value* > > *Last Message Received* > > OptiPlex 990 > > 12/1/2015 2:53:26 PM > > > > Hard Drive Encryption > > Non-Compliant - Encryption in progress > > 12/1/2015 6:20:32 AM > > > > TPM Activated > > Compliant > > 12/1/2015 6:20:37 AM > > > > TPM Enabled > > Compliant > > 12/1/2015 6:20:34 AM > > > > TPM Ownership > > Compliant > > 12/1/2015 6:20:40 AM > > > > Thanks, > > Charles Lindsay II > > *Configuration & Patch Management* > > *Network Administrator III* > > *Florida Department of Transportation* > > *Central Office – Office of Information Technology* > > *605 Suwannee Street, Tallahassee, FL 32399* > *Ph*: (850) 414-4232 *Email*: [email protected] > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Joseph Rose > *Sent:* Tuesday, December 1, 2015 3:20 PM > *To:* [email protected] > *Subject:* RE: [mssms] Reporting help - Bitlocker with multi disk > > > > You Could create a configuration item based on WMI > > > > root\cimv2\Security\MicrosoftVolumeEncryption > > Win32_EncryptableVolume > > > > base it on the Driver letter and ProtectionStatus > > > > > ------------------------------ > > From: [email protected] > To: [email protected] > Subject: [mssms] Reporting help - Bitlocker with multi disk > Date: Tue, 1 Dec 2015 20:05:31 +0000 > > I’m trying to tweak a report and I’ve hit a snag…. > > > > I’ve “enhanced” the “Hardware 01A - Summary of computers in a specific > collection” report to meet some specific needs for my environment. Our > policy is that all mobile systems must have bitlocker enabled. Reporting on > that part is easy, except when a system has multiple volumes I get multiple > rows with almost all redundant data, except for the protection status. > > > > Ideally what I am trying to do is if a system has multiple volumes, one of > which is not encrypted, that the report would return a 0 for that row since > according our policy, that system is not encrypted. Does that make sense? > It sounds fine in my own head but when I type it out it gets pretty mangled… > > > > So if I have a condition with a 0 and a 1, report back 0. > > > > Sorry for the pathetic wording, > > > > Dewayne > > > > > > >
