9 Comments

1. fenderbirds on 18.10.2010 at 19:14

   nice article, keep the posts coming

2. Me on 01.07.2011 at 10:44

   Wow…it looks SO different from the exact same text posted in MSDN….

3. Norman Bauer on 01.07.2011 at 11:41

   Seems to be the same. Because its the same author… me!

4. Johnny Braun on 23.05.2012 at 16:05

   the VolumeKeyProtectorFriendlyName didn’t work for me, result was always empty… thats why i used the keyprotector. to get that info, add the following lines:

   Dim arProtectorType
   arProtectorType = Array(“Unknown”, “TPM only”, “External key”, “Numerical password”, “TPM and PIN”, “TPM and Startup Key”, “TPM and PIN and Startup Key”, “Public Key”, “Passphrase”)

   objItem.GetKeyProtectors ,ProtCol
   for Each KeyProtector in ProtCol
   objItem.GetKeyProtectorType KeyProtector,ProtectorType
   ProtectorType = arProtectorType(ProtectorType) ‘overwriting, because only the last protector object ist the active protector
   next
   wscript.echo arProtectionStatus(ProtectionStatus)

5. Johnny Braun on 23.05.2012 at 16:31

   @Johnny Braun
   last line was wrong:
   wscript.echo arProtectorType(ProtectorType)

6. Norman Bauer on 24.05.2012 at 17:28

   @Johnny Braun
   Servus…

   I don’t know where you got that from:

   ProtectorType = arProtectorType(ProtectorType) ‘overwriting, because only the last protector object ist the active protector

   but, Technet says: “The GetKeyProtectors method of the Win32_EncryptableVolume class lists the protectors used to secure the volume’s encryption key”. So you just need to replace the GetKeyProtectorFriendlyName section with parts of your code. The complete script would look like this:

   [code lang=”vb”]
   strComputer = "."
   Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption")
   Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume",,48)

   Dim arEncryptionMethod
   arEncryptionMethod = Array("None", "AES 128 With Diffuser", "AES 256 With Diffuser", "AES 128", "AES 256")

   Dim arProtectionStatus
   arProtectionStatus = Array("Protection Off", "Protection On", "Protection Unknown")

   Dim arConversionStatus
   arConversionStatus = Array("Fully Decrypted", "Fully Encrypted", "Encryption In Progress", "Decryption In Progress", "Encryption Paused", "Decryption Paused")

   Dim arLockStatus
   arLockStatus = Array("Unlocked", "Locked")

   Dim arProtectorType
   arProtectorType = Array("Unknown", "TPM only", "External key", "Numerical password", "TPM and PIN", "TPM and Startup Key", "TPM and PIN and Startup Key", "Public Key", "Passphrase")

   For Each objItem in colItems
   Dim EncryptionMethod
   Dim ProtectionStatus
   Dim ConversionStatus
   Dim EncryptionPercentage ‘Percentage of the volume that is encrypted
   Dim VolumeKeyProtectorID
   Dim LockStatus

   objItem.GetEncryptionMethod EncryptionMethod
   objItem.GetProtectionStatus ProtectionStatus
   objItem.GetConversionStatus ConversionStatus, EncryptionPercentage
   objItem.GetKeyProtectors 0,VolumeKeyProtectorID
   objItem.GetLockStatus LockStatus

   WScript.Echo "DeviceID: " & objItem.DeviceID
   Wscript.Echo "DriveLetter: " & objItem.DriveLetter
   Wscript.Echo "EncryptionMethod: " & arEncryptionMethod(EncryptionMethod)
   Wscript.Echo "ProtectionStatus: " & arProtectionStatus(ProtectionStatus)
   Wscript.Echo "ConversionStatus: " & arConversionStatus(ConversionStatus)
   Wscript.Echo "EncryptionPercentage: " & EncryptionPercentage & "%"
   Wscript.Echo "LockStatus: " & arLockStatus(LockStatus)

   For Each objId in VolumeKeyProtectorID
   Dim ProtectorType
   objItem.GetKeyProtectorType objId, ProtectorType
   Wscript.Echo "KeyProtectors by ProtectorType: " & arProtectorType(ProtectorType)

   Dim VolumeKeyProtectorFriendlyName
   objItem.GetKeyProtectorFriendlyName objId, VolumeKeyProtectorFriendlyName
   If VolumeKeyProtectorFriendlyName <> "" Then
   Wscript.Echo "KeyProtectors by FriendlyName: " & VolumeKeyProtectorFriendlyName
   End If
   Next
   Next
   [/code]

   Output should be something like this:
   [code]
   DriveLetter: C:
   EncryptionMethod: AES 128 With Diffuser
   ProtectionStatus: Protection On
   ConversionStatus: Fully Encrypted
   EncryptionPercentage: 100%
   LockStatus: Unlocked
   KeyProtectors by ProtectorType: TPM and PIN
   KeyProtectors by FriendlyName: TPMAndPin
   KeyProtectors by ProtectorType: Numerical password
   KeyProtectors by FriendlyName: DiskPassword
   [/code]

   See http://technet.microsoft.com/en-us/library/aa376441(v=vs.85).aspx for details on GetKeyProtectors method.

7. Jeff on 27.04.2017 at 22:06

   I know this is an old article but it has stopped working on newer computers. Especially it they are encrypting used space only. I believe it has something to do with the conversionstatus and encryptionmethod

8. Norman Bauer on 09.05.2017 at 05:59

   Oh yes thanks for reminding me. I ran across this problem too but didn’t update the post. As soon as I find some time I’ll post an update.

9. Bruce on 07.03.2021 at 23:51

   Thank you for your script for accessing BitLocker information via WMI. Unfortunately, it does not appear to work for me for Windows 10. I have experimented with VBScript and WMI and I can get system information on my local computer and remote computers using WMI but by not supplying “\root\CIMV2\Security\MicrosoftVolumeEncryption” as you do in your script. If I try your script it gives me a generic error on the first call to “Set objWMIService” “Error 0x80041003 Code 80041003 Source (null)” and no description. I am confident that I have the required permissions for this. Do you have an update for your script?