-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathGet-BitlockerComputerReport.ps1
More file actions
105 lines (89 loc) · 4.41 KB
/
Get-BitlockerComputerReport.ps1
File metadata and controls
105 lines (89 loc) · 4.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
######################################################################################################
#
# NAME: Get-BitlockerComputerReport.ps1
#
# AUTHOR: Vaughn Miller
#
# Based on this Technet Gallery Script : http://gallery.technet.microsoft.com/4231a8a1-cc60-4e07-a098-2844353186ad
#
# Requires the Quest ActiveRoles Management Shell for Active Directory
# Installer from Quest can be downloaded here : http://www.quest.com/powershell/activeroles-server.aspx
#
#######################################################################################################
# Check to make sure the path has been specified otherwise display a message and exit the script
param([string]$CsvFilePath)
if (!$CsvFilePath) {
Write-Host ""
Write-Host "Path not not specified!"
Write-Host "Please specify the path for the output as a parameter e.g. : "
Write-Host ".\Get-BitlockerComputerReport.ps1 """c:\reports\BitlockerReport.csv""""
Exit
}
# Check to make sure the correct snapins are installed and loaded otherwise exit the script
$snaps1 = Get-PSSnapin -Registered
$snaps2 = Get-PSSnapin Quest* -ErrorAction SilentlyContinue
$questsnap = 0
foreach ($snap1 in $snaps1) {
if ($snap1.name -eq "Quest.ActiveRoles.ADManagement") {
write-host "Quest Snapin Registered"
$questsnap = 1
}
}
if ($questsnap -eq 0) {
Write-Host "Quest Snapin not Registered."
Write-Host "Please install the Quest ActiveRoles Management Shell for Active Directory"
Write-Host "Download from : http://www.quest.com/powershell/activeroles-server.aspx"
Exit
}
if ($questsnap -eq 1) {
foreach ($snap2 in $snaps2) {
if($snap2.name -eq "Quest.ActiveRoles.ADManagement") {
Write-Host "Quest Snapin already loaded"
$questsnap = 2
}
}
if ($questsnap -ne 2) {
Write-Host "Loading Quest Snapin..."
Add-PSSnapin Quest.ActiveRoles.ADManagement
}
}
################################################################################
# Start of the main script
#################################################################################
$SearchContainer = "DN=Computers,DC=example,DC=com"
write-host "Starting query..."
#Query Active Directory
$BitLockerEnabled = Get-QADObject -SizeLimit 0 -IncludedProperties Name,ParentContainer | Where-Object {$_.type -eq "msFVE-RecoveryInformation"} | Foreach-Object {Split-Path -Path $_.ParentContainer -Leaf} | Select-Object -Unique
$computers = Get-QADComputer -SearchRoot $SearchContainer -SizeLimit 0 -IncludedProperties Name,OperatingSystem,ModificationDate,ParentContainer,msTPM-OwnerInformation | Where-Object {$_.operatingsystem -like "Windows 7*" -or $_.operatingsystem -like "Windows Vista*"} | Sort-Object Name
#Create array to hold computer information
$export = @()
foreach ($computer in $computers)
{
#Create custom object for each computer
$computerobj = New-Object -TypeName psobject
#Add desired properties to custom object
$computerobj | Add-Member -MemberType NoteProperty -Name Name -Value $computer.Name
$computerobj | Add-Member -MemberType NoteProperty -Name OperatingSystem -Value $computer.operatingsystem
$computerobj | Add-Member -MemberType NoteProperty -Name ModificationDate -Value $computer.ModificationDate
$computerobj | Add-Member -MemberType NoteProperty -Name ParentContainer -Value $computer.ParentContainer
#Set HasBitlockerRecoveryKey to true or false, based on matching against the computer-collection with BitLocker recovery information
if ($computer.name -match ('(' + [string]::Join(')|(', $bitlockerenabled) + ')')) {
$computerobj | Add-Member -MemberType NoteProperty -Name HasBitlockerRecoveryKey -Value $true
}
else
{
$computerobj | Add-Member -MemberType NoteProperty -Name HasBitlockerRecoveryKey -Value $false
}
#Set HasTPM-OwnerInformation to true or false, based on the msTPM-OwnerInformation on the computer object
if ($computer."msTPM-OwnerInformation") {
$computerobj | Add-Member -MemberType NoteProperty -Name HasTPM-OwnerInformation -Value $true
}
else
{
$computerobj | Add-Member -MemberType NoteProperty -Name HasTPM-OwnerInformation -Value $false
}
#Add the computer object to the array with computer information
$export += $computerobj
}
#Export the array with computer information to the user-specified path
$export | Export-Csv -Path $CsvFilePath -NoTypeInformation