Bitlocker script update

2021-03-27 00:47:11 -04:00 · 2021-03-27 00:47:11 -04:00 · ddb610f1bc
parent f899905d27
commit ddb610f1bc
2 changed files with 99 additions and 98 deletions
--- a/api/tacticalrmm/scripts/community_scripts.json
+++ b/api/tacticalrmm/scripts/community_scripts.json
@ -77,11 +77,12 @@
        "shell": "powershell"
    },
    {
-        "filename": "bitlocker_create_status_report.ps1",
+        "filename": "Win_Bitlocker_Create_Status_Report.ps1",
        "submittedBy": "https://github.com/ThatsNASt",
        "name": "Create Bitlocker Status Report",
        "description": "Creates a Bitlocker status report.",
-        "shell": "powershell"
+        "shell": "powershell",
        "category": "TRMM (Win):Storage"
    },
    {
        "filename": "bitlocker_retrieve_status_report.ps1",
--- a/scripts/Win_Bitlocker_Create_Status_Report.ps1
+++ b/scripts/Win_Bitlocker_Create_Status_Report.ps1
@ -1,97 +1,97 @@
-## Copied from https://github.com/ThatsNASt/tacticalrmm to add to new pull request for https://github.com/wh1te909/tacticalrmm
+## Copied from https://github.com/ThatsNASt/tacticalrmm to add to new pull request for https://github.com/wh1te909/tacticalrmm
-function Log-Message {
+function Log-Message {
-    Param
+    Param
-    (
+    (
-        [Parameter(Mandatory = $true, Position = 0)]
+        [Parameter(Mandatory = $true, Position = 0)]
-        [string]$LogMessage,
+        [string]$LogMessage,
-        [Parameter(Mandatory = $false, Position = 1)]
+        [Parameter(Mandatory = $false, Position = 1)]
-        [string]$LogFile,
+        [string]$LogFile,
-        [Parameter(Mandatory = $false, Position = 2)]
+        [Parameter(Mandatory = $false, Position = 2)]
-        $Echo
+        $Echo
-    )
+    )
-    if ($LogFile) {
+    if ($LogFile) {
-        Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage) | Out-File -Append $LogFile
+        Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage) | Out-File -Append $LogFile
-        if ($Echo) {
+        if ($Echo) {
-            Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage)
+            Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage)
-        }
+        }
-    }
+    }
-    Else {
+    Else {
-        Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage)
+        Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage)
-    }
+    }
-}
+}
-$log = "BitlockerReport.txt"
+$log = "BitlockerReport.txt"
-
+
-#Find BL info
+#Find BL info
-$mbde = [string](manage-bde -status)
+$mbde = [string](manage-bde -status)
-$mbdeProt = (manage-bde -protectors -get c: | Select-Object -Skip 6)
+$mbdeProt = (manage-bde -protectors -get c: | Select-Object -Skip 6)
-#Dig out the recovery password, check for PIN
+#Dig out the recovery password, check for PIN
-ForEach ($line in $mbdeProt) {
+ForEach ($line in $mbdeProt) {
-    if ($line -like "******-******-******-******-******-******-******-******") {
+    if ($line -like "******-******-******-******-******-******-******-******") {
-        $RecoveryPassword = $line.Trim()
+        $RecoveryPassword = $line.Trim()
-    }
+    }
-    if ($line -like "*TPM And PIN:*") {
+    if ($line -like "*TPM And PIN:*") {
-        $PIN = $true
+        $PIN = $true
-    }
+    }
-}
+}
-#Determine BL status
+#Determine BL status
-if ($mbde.Contains("Fully Decrypted")) {
+if ($mbde.Contains("Fully Decrypted")) {
-    $Encrypted = "No"
+    $Encrypted = "No"
-}
+}
-if ($mbde.Contains("Fully Encrypted")) {
+if ($mbde.Contains("Fully Encrypted")) {
-    $Encrypted = "Yes"
+    $Encrypted = "Yes"
-}
+}
-if ($mbde.Contains("Encryption in Progress")) {
+if ($mbde.Contains("Encryption in Progress")) {
-    $Encrypted = "InProgress"
+    $Encrypted = "InProgress"
-}
+}
-if ($mbde.Contains("Decryption in Progress")) {
+if ($mbde.Contains("Decryption in Progress")) {
-    $Encrypted = "InProgressNo"
+    $Encrypted = "InProgressNo"
-}
+}
-
+
-#Check for recovery password, report if found.
+#Check for recovery password, report if found.
-if ($RecoveryPassword) {
+if ($RecoveryPassword) {
-    Try {
+    Try {
-        Log-Message "RP: $RecoveryPassword" $log e -ErrorAction Stop
+        Log-Message "RP: $RecoveryPassword" $log e -ErrorAction Stop
-    }
+    }
-    #Catch for recovery password in place but encryption not active
+    #Catch for recovery password in place but encryption not active
-    Catch {
+    Catch {
-        Log-Message "Could not retrieve recovery password, but it is enabled." $log e
+        Log-Message "Could not retrieve recovery password, but it is enabled." $log e
-    }
+    }
-}
+}
-if (!$RecoveryPassword) {
+if (!$RecoveryPassword) {
-    Log-Message "No Recovery Password found." $log e
+    Log-Message "No Recovery Password found." $log e
-}
+}
-
+
-#Try to make a summary for common situations
+#Try to make a summary for common situations
-if ($Encrypted -eq "No" -and !$RecoveryPassword) {
+if ($Encrypted -eq "No" -and !$RecoveryPassword) {
-    Log-Message "WARNING: Decrypted, no password." $log e
+    Log-Message "WARNING: Decrypted, no password." $log e
-    exit 2001
+    exit 2001
-}
+}
-if ($Encrypted -eq "No" -and $RecoveryPassword) {
+if ($Encrypted -eq "No" -and $RecoveryPassword) {
-    Log-Message "WARNING: Decrypted, password set. Interrupted process?" $log e
+    Log-Message "WARNING: Decrypted, password set. Interrupted process?" $log e
-    exit 2002
+    exit 2002
-}
+}
-if ($Encrypted -eq "Yes" -and !$RecoveryPassword) {
+if ($Encrypted -eq "Yes" -and !$RecoveryPassword) {
-    Log-Message "WARNING: Encrypted, no password." $log e
+    Log-Message "WARNING: Encrypted, no password." $log e
-    exit 2000
+    exit 2000
-}
+}
-if ($Encrypted -eq "InProgress" -and $RecoveryPassword) {
+if ($Encrypted -eq "InProgress" -and $RecoveryPassword) {
-    Log-Message "WARNING: Encryption in progress, password set." $log e
+    Log-Message "WARNING: Encryption in progress, password set." $log e
-    exit 3000
+    exit 3000
-}
+}
-if ($Encrypted -eq "InProgress" -and !$RecoveryPassword) {
+if ($Encrypted -eq "InProgress" -and !$RecoveryPassword) {
-    Log-Message "WARNING: Encryption in progress, no password." $log e
+    Log-Message "WARNING: Encryption in progress, no password." $log e
-    exit 3001
+    exit 3001
-}
+}
-if ($Encrypted -eq "InProgressNo") {
+if ($Encrypted -eq "InProgressNo") {
-    Log-Message "WARNING: Decryption in progress" $log e
+    Log-Message "WARNING: Decryption in progress" $log e
-    exit 3002
+    exit 3002
-}
+}
-if ($Encrypted -eq "Yes" -and $RecoveryPassword -and !$PIN) {
+if ($Encrypted -eq "Yes" -and $RecoveryPassword -and !$PIN) {
-    Log-Message "WARNING: Encrypted, PIN DISABLED, password is set." $log e
+    Log-Message "WARNING: Encrypted, PIN DISABLED, password is set." $log e
-    exit 3003
+    exit 3003
-}
+}
-if ($Encrypted -eq "Yes" -and $RecoveryPassword -and $PIN -eq $true) {
+if ($Encrypted -eq "Yes" -and $RecoveryPassword -and $PIN -eq $true) {
-    Log-Message "SUCCESS: Encrypted, PIN enabled, password is set." $log e
+    Log-Message "SUCCESS: Encrypted, PIN enabled, password is set." $log e
-    Write-Host "Script check passed"
+    Write-Host "Script check passed"
-    exit 0
+    exit 0
 }