BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. In this guide, you will learn how to query Windows BitLocker status remotely. Kindly refer to some of these related guides: how to Enable BitLocker AES-XTX 256 Encryption Method, How to query MBAM to display the report for BitLocker Recovery for a specified period of time, How and where to find your BitLocker recovery key in Windows, What are the effects of renaming an MBAM or BitLocker-protected Computer, and how to fix unable to find compatible TPM.
BitLocker provides the maximum protection when used with a Trusted Platform Module (TPM) version 1.2 or later versions. BitLocker helps mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive. This includes the swap files and hibernation files, and checking the integrity of early boot components and boot configuration data.
Windows has two command-line shells: The Command shell and PowerShell. Each shell is a software program that provides direct communication between you and the operating system or application, providing an environment to automate IT operations. Learn how to disable Data Execution Prevention and determine that hardware DEP is available and configured, and how to download and use the NirSorf WakeonLan tool.
The Command Prompt (CMD) is a program that emulates the input field in a text-based user interface screen with the Windows Graphical User Interface (GUI). The CMD is used to execute commands, also perform advanced administrative functions which can be used to troubleshoot and solve certain kinds of Windows issues also.
Fix “Error occurred while connecting to the BitLocker Management Interface”
First, before proceeding, you will have to ensure the device is reachable on the network. As you can see from the image below, the device is not reachable. This could be due to many reasons as discussed Transit Failed, General Failure, Request timed out and Destination Host unreachable.
As you can see below, the device is now reachable and can be queried. Therefore, proceed and launch the command prompt as discussed below depending on the administrative rights to manage the remote device.
This task can only be performed via administrative privilege. Else, you will be prompted with the error below.
Steps to Query WIndows Device BitLocker Status
Launch the Windows Command Prompt wizard if you already have the necessary rights to connect to your device remotely. Please follow the steps below for more information.
Move the mouse pointer to the bottom-left corner of the screen and Right-click, or press the Windows key + X. In the power user task menu, select Command Prompt and ensure to run it as an Administrator
Run a Command Prompt as a Different User (RunAs)
Alternatively, if you do not already have the necessary rights to connect to the device remotely, you will have to launch the Windows Command Prompt (CMD) as a different user using the Context menu.
This is the easiest way to run an application under another user context. Just find an application (or a shortcut), in our case the Command Prompt you want to start, hold the Shift key, and right-click on it. Select Run as a different user in the context menu
Next, you will be prompted to enter the username and password for this specific user. If you want to run the program as an Active Directory user, you must specify its name in the userPrincipalName “UserName@DomainName.com” or in the samAccountName “DomainName\UserName” format as it is in my case.
But if your computer is joined to an AD domain, and you wish to run the program on behalf of a local user account, please specify the name in the following format: .\localusername .
Also, you could launch the Command Prompt from the Windows System32 Folder. Press Windows + E keys to bring up the File Explorer window. Click System C: drive (the drive partition where Windows is installed) and then navigate to the Windows folder > System 32 and then scroll down to locate the cmd.exe. To launch CMD as a different user. You will have to hold down the shift key, select run as a different user and open the Command Prompt.
Administer BtLocker via the Manage-bde Commands
Using the manage-bde command you can check the Bitlocker encryption status on both the local Windows computer and also remote devices on the local area network. Now that you have launched the Command Prompt. You will have to use any of the commands below to remotely query the device. You will have to replace TechDA1 with your device name in question.
Manage-bde -status -cn <computername/ip> <drive letter>manage-bde -status -cn TechDAPC1manage-bde -status -computername TechDAPC1
To check an individual encryption status of a drive such as the C: drive by using the command below.
manage-bde -status -computername TechDAPC1 C:Learn about MBAM and how to manage BitLocker, and enforce and monitor BitLocker drive encryption on computers in the enterprise. The MBAM client can be distributed through an electronic software distribution system. Examples of these are Active Directory Domain Services or Microsoft System Center Configuration Manager.
I hope you found this blog post helpful. In this guide, you have learned how to query Windows BitLocker status remotely. If you have any questions, please let me know in the comment session.