Friday 1 February 2013

SCCM Reporting - BitLocker

If you are not using MBAM it is hard to find out how many laptops in your environment are encrypted and, for those that are, which protection is being used.

SCCM can't do this out of the box but with a few modifications it's achievable.

I have read a few posts on the internet about it and most of them are confusing and don't tell you the exact steps to take.

In this post I will demonstrate step by step how to do it.

First of all, go to your SCCM installation folder on the site server, browse to INSTALLATIONFOLDER\inboxes\clifiles.src\hinv and open the file sms_def.mof with a text editor.

Now scroll down to the end of the file and add the following lines:

#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("SCCM_BitLocker",NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("SCCM_BitLocker"),
SMS_Class_ID ("CUSTOM|SCCM_BitLocker|1.0") ]
class SCCM_BitLocker : SMS_Class_Template
{
[SMS_Report (TRUE), key ] string Drive;
[SMS_Report (TRUE)] string DriveLabel;
[SMS_Report (TRUE)] string Size;
[SMS_Report (TRUE)] string BitLocker_Version;
[SMS_Report (TRUE)] string Conversion_Status;
[SMS_Report (TRUE)] string Percentage_Encrypted;
[SMS_Report (TRUE)] string Encryption_Method;
[SMS_Report (TRUE)] string Protection_Status;
[SMS_Report (TRUE)] string Lock_Status;
[SMS_Report (TRUE)] string Identification_Field;
[SMS_Report (TRUE)] string Key_Protectors;
[SMS_Report (TRUE)] string ScriptLastRun;
};


Once this is done, open a command prompt, browse to the same folder mentioned above and type:

mofcomp.exe /check sms_def.mof

This command checks the file for syntax errors. If the syntax is correct, type:

mofcomp.exe /class:forceupdate sms_def.mof

This compiles the new class definition into the site server's WMI repository.

The next step is to add the new class to the WMI repository of the client machines.

Download the PowerShell script from here.

Before you start deploying to all computers, first get the script and run it on one client machine to test that it works properly:

powershell.exe -ExecutionPolicy Bypass -File .\BitLocker_Status_v1.1.ps1

Now open the Configuration Manager client and start a Hardware Inventory cycle.

Once this is done, check the InventoryAgent.log client log to confirm there are no errors related to the BitLocker query.

Now create a report in SCCM using the query below and you should get some nice information!

SELECT v_R_System.Name0 AS Computername,
       v_GS_SCCM_BitLocker0.BitLocker_Version0 AS [Bitlocker Versie],
       v_GS_SCCM_BitLocker0.Conversion_Status0 AS [Conversion Status],
       v_GS_SCCM_BitLocker0.Drive0 AS Drive,
       v_GS_SCCM_BitLocker0.DriveLabel0 AS DriveLabel,
       v_GS_SCCM_BitLocker0.Encryption_Method0 AS [Encryption Method],
       v_GS_SCCM_BitLocker0.Identification_Field0 AS [Identification Field],
       v_GS_SCCM_BitLocker0.Key_Protectors0 AS [Key Protectors],
       v_GS_SCCM_BitLocker0.Percentage_Encrypted0 AS [Percentage Encrypted],
       v_GS_SCCM_BitLocker0.Protection_Status0 AS [Protection Status],
       v_GS_SCCM_BitLocker0.ScriptLastRun0 AS [Script Last Run]
FROM v_GS_SCCM_BitLocker0
INNER JOIN v_R_System ON v_GS_SCCM_BitLocker0.ResourceID = v_R_System.ResourceID

Once you confirm all worked well you can start deploying the script to all your laptops.
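The client-side script the post links to is not reproduced on this page. As an added example (my code, not the author's BitLocker_Status_v1.1.ps1), the PowerShell below creates the SCCM_BitLocker class in root\cimv2 with the same property names as the MOF above and fills it from Win32_EncryptableVolume, which is what hardware inventory then picks up. The numeric-to-text mappings and the use of Win32_LogicalDisk for size and label are my assumptions about how the linked script behaves.

```powershell
# Added example, not the script the post links to: populate the SCCM_BitLocker
# class defined in the sms_def.mof snippet above on one client. Run elevated.
$ns = 'root\cimv2'; $className = 'SCCM_BitLocker'
# Drop and recreate the class so rows from a previous run do not linger.
$old = Get-WmiObject -Namespace $ns -List -Class $className -ErrorAction SilentlyContinue
if ($old) { $old.Delete() }
$class = New-Object System.Management.ManagementClass($ns, [string]::Empty, $null)
$class['__CLASS'] = $className
'Drive','DriveLabel','Size','BitLocker_Version','Conversion_Status','Percentage_Encrypted',
'Encryption_Method','Protection_Status','Lock_Status','Identification_Field',
'Key_Protectors','ScriptLastRun' | ForEach-Object {
    $class.Properties.Add($_, [System.Management.CimType]::String, $false)
}
$class.Properties['Drive'].Qualifiers.Add('Key', $true)   # Drive is the key, as in the MOF
[void]$class.Put()
# Readable names for the numeric codes the Win32_EncryptableVolume methods return.
$conv = @{0='FullyDecrypted';1='FullyEncrypted';2='EncryptionInProgress'
          3='DecryptionInProgress';4='EncryptionPaused';5='DecryptionPaused'}
$prot = @{0='Off';1='On';2='Unknown'}
$meth = @{0='None';1='AES128_Diffuser';2='AES256_Diffuser';3='AES128';4='AES256'
          5='Hardware';6='XTS_AES128';7='XTS_AES256'}
$kpt  = @{0='Unknown';1='TPM';2='ExternalKey';3='NumericalPassword';4='TPM+PIN'
          5='TPM+StartupKey';6='TPM+PIN+StartupKey';7='PublicKey';8='Passphrase'
          9='TPMCertificate';10='CryptoAPI_NGC'}
$now  = (Get-Date).ToString('yyyy-MM-dd HH:mm:ss')
$vols = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
                      -Class Win32_EncryptableVolume
foreach ($v in $vols) {
    # Volumes without a drive letter are keyed by DeviceID instead.
    $drive = if ($v.DriveLetter) { $v.DriveLetter } else { $v.DeviceID }
    $disk  = if ($v.DriveLetter) { Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$drive'" }
    $cs    = $v.GetConversionStatus()
    # Resolve each key protector on the volume to its type (TPM, TPM+PIN, ...).
    $kps   = @($v.GetKeyProtectors(0).VolumeKeyProtectorID) | Where-Object { $_ } |
             ForEach-Object { $kpt[[int]$v.GetKeyProtectorType($_).KeyProtectorType] }
    Set-WmiInstance -Namespace $ns -Class $className -Arguments @{
        Drive                = $drive
        DriveLabel           = [string]$disk.VolumeName
        Size                 = [string]$disk.Size
        BitLocker_Version    = [string]$v.GetVersion().Version
        Conversion_Status    = $conv[[int]$cs.ConversionStatus]
        Percentage_Encrypted = [string]$cs.EncryptionPercentage
        Encryption_Method    = $meth[[int]$v.GetEncryptionMethod().EncryptionMethod]
        Protection_Status    = $prot[[int]$v.GetProtectionStatus().ProtectionStatus]
        Lock_Status          = [string]$v.GetLockStatus().LockStatus
        Identification_Field = [string]$v.GetIdentificationField().IdentificationField
        Key_Protectors       = ($kps -join ',')
        ScriptLastRun        = $now
    } | Out-Null
}
```

After running it, Get-WmiObject -Namespace root\cimv2 -Class SCCM_BitLocker on the test client should show one row per volume, and a Key_Protectors value of just "NumericalPassword" or "" on a reportedly encrypted drive is the kind of weak configuration this report is meant to surface.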
