Hi,
I am hoping someone can help me with Flexera reporting. I would like to know which Computers have Bitlocker turned on and which ones don't. I have reports from other systems but i would like to know if Flexera can help. Thank you
Aug 12, 2020 06:20 AM
There is nothing built in to FlexNet Manager Suite which will give insight into the state of BitLocker. I have done one deployment where BitLocker state information was gathered--this involved quite a bit of reasonably complex configuration. The approach taken included:
Aug 12, 2020 06:44 AM
Thank you for your response
Aug 12, 2020 08:34 AM
Any DOC that has example of writing an ndtrack VBscript plugin to gather software details to be stored in the FlexNet inventory database, and modify the out-of-the-box FlexNet inventory adapter to import these details into the custom properties
Aug 12, 2020 09:17 AM
Hi,
There's also a WMI class for this:
gwmi Win32_EncryptableVolume -Namespace ROOT\CIMV2\Security\MicrosoftVolumeEncryption
Unfortunately, the FNMS agent still does now allow to collect WMI data outside the default namespace.
There's a native PS cmdlet for this data:
Get-BitLockerVolume
You could user PowerShell to create a custom WMI class in the default namespace and then use the wmitrack.ini to have the agent collect it for you.
Best regards,
Markward
Aug 12, 2020 09:43 AM
@Woo_Lam - this level and style of customization would typically be done in conjunction with a service provider who has experience doing this kind of work. It is complex enough that there is not a simple "go and read document XYZ and it will tell you how to do this". But here are some pointers on useful resources in this general space:
I don't know of any published documentation about ndtrack VBScript plugins - this capability is not widely used. Here is a quick cheat sheet for using this capability. (This summary assumes you already have a pretty deep understanding of how inventory gathering by the FlexNet inventory agent works.)
On each computer running the FlexNet inventory agent:
The VBScript file will be loaded and executed during the inventory gathering process. To include some data in the generated inventory NDI file, use script code like the following (with appropriate values for whatever you're seeking to achieve):
LogMessage("Running custom script")
' Create a <Hardware> element in the NDI file
Set invNode = CreateHardware("MyInfo")
' Set attributes on the <Hardware> element
invNode.SetAttribute "Class", "MyInfo"
invNode.SetAttribute "Evidence", "CustomScript"
' Create <Property> elements under the <Hardware> element in the NDI file
invNode.AddProperty "AProperty", "The value"
invNode.AddProperty "BProperty", "Another value"
This simple example illustrates use of a couple of VBScript functions available you can call from your script:
The script above will result in content like the following being placed into the NDI file (and subsequently in the HardwareClass, HardwareObject, HardwareProperty and HardwareValue tables in your inventory database once the NDI file is imported):
<Hardware Class="MyInfo" Evidence="CustomScript">
<Property Name="AProperty" Value="The value"/>
<Property Name="BProperty" Value="Another value"/>
</Hardware>
Aug 12, 2020 11:53 PM - edited Aug 20, 2020 11:17 PM
Thank you for the help
Aug 18, 2020 07:12 AM
If you are interested in BitLocker, you can check the following branch in the Windows Registry:
HKLM \ Software \ Policies \ Microsoft \ FVE
The FVE folder will exist if BitLocker is installed and enabled only. Inside this folder, you find a lot of BitLocker related configuration settings, including a key 'EnableBDEWithNoTPM' that will have a value of '1' if the current device has a 'Trusted Platform Module' chip and a BIOS that allows storing the BitLocker encryption key.
When collecting Inventory data using the Flexera agent, you can use the 'IncludeRegistryKey' option for enforcing the collection of configuration data from this part of the Windows registry.
Aug 12, 2020 03:09 PM