How to query Windows BitLocker status remotely

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the maximum protection when used with a Trusted Platform Module (TPM) version 1.2 or later. BitLocker can be used to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and by checking the integrity of early boot components and boot configuration data. Kindly refer to some of these related guides: How to Enable BitLocker AES-XTS 256 Encryption Method, How to query MBAM to display the report for BitLocker Recovery for a specified period of time, How and where to find your BitLocker recovery key in Windows, What are the effects of renaming an MBAM or BitLocker-protected Computer, and How to fix unable to find compatible TPM.

Windows has two command-line shells: the Command shell and PowerShell. Each shell is a software program that provides direct communication between you and the operating system or application, providing an environment to automate IT operations. The Command Prompt is a program that emulates the input field of a text-based user interface screen within the Windows Graphical User Interface (GUI). It can be used to execute entered commands and perform advanced administrative functions. It can also be used to troubleshoot and solve certain kinds of Windows issues.

Before proceeding, ensure the device is reachable on the network. As you can see from the image below, the device is not reachable, which could be due to many reasons, as discussed in Transit Failed, General Failure, Request timed out and Destination Host unreachable, but it is not limited to these. You may also want to see how to resolve requests timed out when pinging and how to create a Firewall rule.

As you can see below, the device is now reachable and can be queried. Therefore, proceed and launch the Command Prompt as discussed below, depending on the administrative rights you have to manage the remote device.

Note: This task can only be performed with administrative privileges. Otherwise, you will be prompted with the error below.

Steps to Query Windows Device BitLocker Status

Launch the Windows Command Prompt if you already have the necessary rights to connect to your device remotely. This can be done as follows.

Move the mouse pointer to the bottom-left corner of the screen and right-click, or press the Windows key + X. In the power user task menu, select Command Prompt and make sure to run it as an Administrator.

Run a Command Prompt as a Different User (RunAs)

Alternatively, if you do not already have the necessary rights to connect to the device remotely, you will have to launch the Windows Command Prompt (CMD) as a different user using the context menu. This is considered the easiest way to run an application under another user. Just find the application (or a shortcut) you want to start, in our case the Command Prompt, hold the Shift key, and right-click on it. Select Run as different user in the context menu.

You will then be prompted to enter the username and password for this specific user. If you want to run the program as an Active Directory user, you must specify its name in the userPrincipalName format “UserName@DomainName.com” or in the samAccountName format “DomainName\UserName”, as it is in my case. But if your computer is joined to an AD domain and you wish to run the program on behalf of a local user account, please specify the name in the following format: .\localusername

You can also launch the Command Prompt from the Windows System32 folder. Press the Windows + E keys to bring up the File Explorer window. Click the System C: drive (the drive partition where Windows is installed), navigate to the Windows folder > System32, and then scroll down to locate cmd.exe.

To launch CMD as a different user, hold down the Shift key, right-click cmd.exe, and select Run as different user to open the Command Prompt.

Using the manage-bde command, you can check the BitLocker encryption status on both the local Windows computer and remote devices on the local area network. Now that you have launched the Command Prompt, use any of the commands below to remotely query the device. Replace TechDAPC1 with the name of the device in question.

Manage-bde -status -cn <computername/ip> <drive letter>
manage-bde -status -cn TechDAPC1
manage-bde -status -computername TechDAPC1

You can also check the encryption status of an individual drive, such as the C: drive, by using the command below.

manage-bde -status -computername TechDAPC1 C:
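
To run the same check against several devices at once, the reachability test and the manage-bde query above can be combined in PowerShell. This is an added example, not part of the original post; the function names, the second computer name and the sample output are constructed for illustration, and the parser assumes the English-language labels that manage-bde prints.

```powershell
# Added example: turn "manage-bde -status" text into objects that can be filtered.
# Assumes English output; localized Windows builds print different labels.
function ConvertFrom-ManageBdeStatus {
    param([string]$ComputerName, [string[]]$Lines)
    $f = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(Conversion Status|Percentage Encrypted|Encryption Method|Protection Status):\s*(.+?)\s*$') {
            $f[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        ComputerName     = $ComputerName
        ConversionStatus = $f['Conversion Status']
        PercentEncrypted = $f['Percentage Encrypted']
        EncryptionMethod = $f['Encryption Method']
        ProtectionStatus = $f['Protection Status']
        ProtectionOn     = ($f['Protection Status'] -eq 'Protection On')
    }
}

function Get-RemoteBitLockerStatus {
    param([string[]]$ComputerName, [string]$Drive = 'C:')
    foreach ($computer in $ComputerName) {
        # Same reachability check the post performs with ping.
        if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
            Write-Warning "$computer is not reachable; skipping."
            continue
        }
        $out = & manage-bde.exe -status -computername $computer $Drive 2>&1
        if ($LASTEXITCODE -ne 0) {
            # Typically missing administrative rights on the remote device.
            Write-Warning "manage-bde failed on ${computer}: $($out -join ' ')"
            continue
        }
        ConvertFrom-ManageBdeStatus -ComputerName $computer -Lines ($out | ForEach-Object { "$_" })
    }
}

# Constructed sample output, so the parser can be tried without a remote host.
$sample = @'
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 256
    Protection Status:    Protection On
'@ -split "`r?`n"
ConvertFrom-ManageBdeStatus -ComputerName 'TechDAPC1' -Lines $sample

# Live query, from a prompt started with rights on the target devices:
# Get-RemoteBitLockerStatus -ComputerName 'TechDAPC1', 'TechDAPC2' | Format-Table -AutoSize
```

Devices whose ProtectionOn value is False, or that were skipped with a warning, are the ones to follow up on.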

You may also want to learn about MBAM and how to manage BitLocker, and enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker client can also be distributed through an electronic software distribution system, such as Active Directory Domain Services or Microsoft System Center Configuration Manager. Kindly refer to these related guides: How to perform a continuous ping on macOS, Linux, Windows, Juniper and Cisco devices, and how to deploy MBAM Client as part of a Windows Deployment, and

I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.
