Jump to content

Recommended Posts

Posted (edited)

I have a question to this members who uses TPM (Trusted Platform Module) + BitLocker on Windows10 Pro in their work.
I want to ask if using TPM on your PC did you encounter any problems, and if  computer slow down ?

Other question is:
How to check using Autoit - if Computer uses BitLocker on desired partition.

 

EDIT:
Answering please provide information about specyfic PC configuration.

 

EDIT2:

I just found:

 

....  but the question about speed / slowing down is still valid.

 

Edited by mLipok

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 *

 

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskSchedulerIE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related:How to get reference to PDF object embeded in IE * IE on Windows 11

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

I also encourage you to check awesome @trancexx code:  * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuffOnHungApp handlerAvoid "AutoIt Error" message box in unknown errors  * HTML editor

winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2023-04-24

  • Developers
Posted

We rolled out bitocker on some 4000+ laptops a couple of years ago and I wrote this vbs to list the rollout status which is displayed in xml used by the inventory package we used at the time:

Const ForAppending = 8
Const SetPres = 10
const HKEY_LOCAL_MACHINE = &H80000002
const REG_SZ = 1
const REG_EXPAND_SZ = 2
const REG_BINARY = 3
const REG_DWORD = 4
const REG_MULTI_SZ = 7

Dim bIsEnabled,bIsActivated,bIsOwned,bIsOwnershipAllowed,objTPM,objLog,TakeOwnership,Enable,objEnVol,strStatusTPM,strStatusBDE,strStatusTPMState
Dim objGPPT,strOwnerPassword,strPassword,objWMIBDE,nProtStatus,ProtectVar,objOSSysDriv,objSWbemServices,objOS,coloperatingsystem,sProtID,strOldOwnerPassword
Dim argProtect,argRK,argEM,argSMS,argLOG,argRO,argPrompt,strCurrentUser,argValid,i,strPIN,objRemovableDrive,strStatusCode,strStatusData,MIF,strEKP,strEK
Dim ActiveDirectoryBackup,ActiveDirectoryInfoToStore,RequireActiveDirectoryBackup,EncryptionMethod,BackupMandatory,strStartDate,strStartTime,strRetry,strPolicy
DIM TPM_Enabled, TMP_err, Drive_St, lDriveType

'~ on error resume next
DIM tpmst,encst, systempart, part_details
tpmst = ConnectTPMProv()
encst = DriveEncryted()
systempart = ""
part_details = ""
getsystempart systempart, part_details

writeXML "C:",tpmst&encst,"",systempart,part_details

WScript.sleep(1000)
WScript.Quit(0)

Function ConnectTPMProv()
	on error resume next
	strConnectionStr1 = "winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!root\cimv2\Security\MicrosoftTpm"
	TPM_Enabled = 0
	Encryption_status = 0
	TMP_err = 0
	err.clear
	Set objWMITPM = GetObject(strConnectionStr1)
	If Err.Number <> 0 Then
		'~ Wscript.Echo "ERROR - Failed to connect to the MicrosoftTPM provider."
		TPM_Enabled = 9
	Else
		'~ Wscript.Echo "Connection succeeded to MicrosoftTPM"
		' There should either be 0 or 1 instance of the TPM provider class

		Set colTpm = objWMITPM.InstancesOf("Win32_Tpm")
		If colTpm.Count = 0 Then
			'~ Wscript.Echo "ERROR - Failed get a TPM instance in the provider class. Script is exiting..."
		Else
			'Get a single instance of the TPM provider class
			Set objTpm = objWMITPM.Get("Win32_Tpm=@")
			If Err.Number <> 0 Then
				'~ Wscript.Echo "ERROR - Failed get a TPM instance in the provider class. Script is exiting...(Error: " & Err.Number & ")"
			Else
				TPM_Enabled = 1
				'~ Wscript.Echo "Successfully retrieved a TPM instance from the Win32_TPM provider class"
				GetTPMStatus() 'Get the current status of the TPM to determine action
				'~ Wscript.Echo "bIsEnabled:" & bIsEnabled & "bIsActivated:" & bIsActivated & "   bIsOwned:" & bIsOwned
				'The following If statements cause the script to react differently depending on the TPM state

				If bIsEnabled = "True" and bIsActivated = "True" and bIsOwned = "True" Then
					'~ Wscript.Echo "TPM is in a ready state to enable BitLocker."
					TPM_Enabled = 6
				ElseIf bIsEnabled = "True" and bIsActivated = "True" and bIsOwned = "False" Then
					'~ Wscript.Echo "TPM ownership is not taken."
					TPM_Enabled = 5
				ElseIf bIsEnabled = "True" and bIsActivated = "False" and bIsOwned = "False" Then
					'~ Wscript.Echo "TPM is turned on but not activated.."
					TPM_Enabled = 4
				ElseIf bIsEnabled = "False" And bIsActivated = "False" and bIsOwned = "False" Then
					'~ Wscript.Echo "TPM is not turned on.."
					TPM_Enabled = 3
				ElseIf bIsEnabled = "False" and bIsActivated = "True" and bIsOwned = "True" Then
					'~ Wscript.Echo "TPM is not enabled"
					TPM_Enabled = 2
				End If
			End If
		End If
	end if
	Err.Clear
	ConnectTPMProv = TPM_Enabled
	return 1
	'
End Function

function DriveEncryted()
	on error resume next
	Dim systempart, part_details,strDrive,strProtectionStatus,strVolumeId, encsts
	encsts = 0
	' Check whether the C: drive is encrypted
	' WMI connection to Win32_EncryptableVolume, note that this will be only available on devices where BitLocker is enabled
	'~ Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2\Security\MicrosoftVolumeEncryption")
	Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!root\cimv2\Security\MicrosoftVolumeEncryption")
	'
	If Err.Number <> 0 Then
		'~ Wscript.Echo "ERROR - Failed to connect to the MicrosoftVolumeEncryption provider."
		encsts = 9
	else
		Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume ",,48)
		For Each objItem in colItems
			teller = teller + 1
			strProtectionStatus = objItem.ProtectionStatus
			strDrive = objItem.DriveLetter
			strVolumeId = objItem.PersistentVolumeID
			'~ Numeric value that corresponds to the type of disk drive this logical disk represents.
			'~ Unknown (0)
			'~ No Root Directory(1)
			'~ Removable Disk(2)
			'~ Local Disk(3)
			'~ Network Drive(4)
			'~ Compact Disc (5)
			'~ RAM Disk (6)
			if GetDriveType(strDrive) = 3 then
				'~ Wscript.Echo "strProtectionStatus " & strProtectionStatus
				GetVolName(strDrive)
				'~ WScript.Echo "2.systempart  : " & systempart
				'~ WScript.Echo "2.part_details: " & part_details
				if strProtectionStatus = "1" then
					encsts = 1
				end if
			end if
		Next
		if teller = 0 then
			encsts = 9
		end if
	end if
	DriveEncryted=encsts
	return
End Function


Function GetDriveType(DriveLetter)
	'~ Wscript.Echo "### Get Disk DriveType for " & DriveLetter
	'~ Enumerating Logical Disk Drive Properties
	strComputer = "."
	Set objWMIService = GetObject("winmgmts:" _
		& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
	Set colDisks = objWMIService.ExecQuery _
		("Select * from Win32_LogicalDisk")
	For each objDisk in colDisks
		if objDisk.DeviceID = DriveLetter then
			GetDriveType = objDisk.DriveType
			'~ Wscript.Echo "DeviceID: " & DriveLetter & "  DriveType:" & GetDriveType
			Exit Function
		end if
	Next
	'~ Wscript.Echo "! DeviceID: " & DriveLetter& "  DriveType not found."
End Function

Function GetVolName(DriveLetter)
	'~ Wscript.Echo "### Get Disk DriveType for " & DriveLetter
	'~ Enumerating Logical Disk Drive Properties
	strComputer = "."
	Set objWMIService = GetObject("winmgmts:" _
		& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
	Set colDisks = objWMIService.ExecQuery _
		("Select * from Win32_LogicalDisk")
	For each objDisk in colDisks
		if objDisk.DeviceID = DriveLetter then
			GetVolName = objDisk.VolumeName
			'~ Wscript.Echo "DeviceID: " & DriveLetter & "  info:" & GetVolName
			Exit Function
		end if
	Next
	'~ Wscript.Echo "! DeviceID: " & DriveLetter& "  DriveType not found."
End Function

Function ProtectStatus (strProtectionStatus)
	Select Case strProtectionStatus
		Case 0
			ProtectStatus = "OFF"
		Case 1
			ProtectStatus = "ON"
		Case 2
			ProtectStatus = "Unk"
	End Select
End Function

Function GetTPMStatus()
	on error resume next
	Err.Clear
	nRC = objTpm.IsEnabled(bIsEnabled)

	If nRC <> 0 Then
		'~ Wscript.Echo "ERROR - The method IsEnabled failed with return code 0x" & Hex(nRC)
	End If

	Err.Clear
	nRC = objTpm.IsActivated(bIsActivated)
	If nRC <> 0 Then
		'~ Wscript.Echo "ERROR - The method IsActivated failed with return code 0x" & Hex(nRC)
	End If

	Err.Clear
	nRC = objTpm.IsOwned(bIsOwned)
	If nRC <> 0 Then
		'~ Wscript.Echo "ERROR - The method IsOwned failed with return code 0x" & Hex(nRC)
	End If

	strStatusTPMState = "TPM found in the following state: Enabled - " & bIsEnabled & ", Activated - " & bIsActivated & ", Owned - " & bIsOwned

End Function

Sub getsystempart(systempart,part_details)
	strComputer = "."
	systempart = 7
	part_details = ""
	Set objWMIService = GetObject("winmgmts:" _
		& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

	Set colItems = objWMIService.ExecQuery("Select * from Win32_Volume")

	For Each objItem In colItems
		'~ WScript.Echo "Caption: " & objItem.Caption & "   Label:" & objItem.Label & "   Size:" & objItem.Capacity & "   " & mid(objItem.Caption,2,1)
		part_details = part_details& "#"  & objItem.Caption & "|" & objItem.Label & "|" & objItem.Capacity
		' * Didn't work because some had "System" as Label
		'~ if objItem.Label = "System Reserved" then
			'~ systempart = 1
		'~ end if
		'
		if lcase(mid(objItem.Caption,2,2)) <> ":" and  objItem.Capacity < 20000000000 then
			systempart = 1
		end if
	Next
	'~ WScript.Echo "systempart  : " & systempart
	'~ WScript.Echo "part_details: " & part_details
End sub

Sub writeXML(strDrive,TPM_Enabled,strVolumeId,Syspart,SyspartDet)
	Wscript.Echo "<SOFTWARES>" & vbCrLf & _
		"<PUBLISHER>Staples Specific</PUBLISHER>" & vbCrLf & _
		"<NAME>Bitlocker_Status</NAME>" & vbCrLf & _
		"<VERSION>" & TPM_Enabled & "</VERSION>" & vbCrLf & _
		"<FOLDER>" & strDrive & "/</FOLDER>" & vbCrLf & _
		"<COMMENTS>" & SyspartDet & "</COMMENTS>" & vbCrLf & _
		"<FILENAME>" & strVolumeId &"</FILENAME>" & vbCrLf & _
		"<FILESIZE>" & Syspart & "</FILESIZE>" & vbCrLf & _
		"<GUID />" & vbCrLf & _
		"<LANGUAGE />" & vbCrLf & _
		"<INSTALLDATE>2016-05-02 10:30:00</INSTALLDATE>" & vbCrLf & _
		"<BITSWIDTH>0</BITSWIDTH>" & vbCrLf & _
		"<SOURCE>1</SOURCE>" & vbCrLf & _
		"</SOFTWARES>"
End Sub
'

We had no issues with performance.

Jos 

 

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Posted

Thanks.

I will back to this after my vacation which I start quite soon.

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 *

 

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskSchedulerIE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related:How to get reference to PDF object embeded in IE * IE on Windows 11

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

I also encourage you to check awesome @trancexx code:  * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuffOnHungApp handlerAvoid "AutoIt Error" message box in unknown errors  * HTML editor

winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2023-04-24

  • 1 month later...
Posted

Here is quick convertion:

;~ https://www.autoitscript.com/forum/topic/194953-trusted-platform-module-bitlocker/?

Const $iForAppending = 8
Const $iSetPres = 10
;~ const $HKEY_LOCAL_MACHINE = &H80000002
Const $REG_SZ = 1
Const $REG_EXPAND_SZ = 2
Const $REG_BINARY = 3
Const $REG_DWORD = 4
Const $REG_MULTI_SZ = 7

Dim $__g_bIsEnabled, $__g_bIsActivated, $__g_bIsOwned, $__g_bIsOwnershipAllowed, $o_objTpm, $__g_objLog, $__g_TakeOwnership, $Enable, $__g_objEnVol, $__g_strStatusTPM, $__g_strStatusBDE, $__g_strStatusTPMState
Dim $o_objGPPT, $s_strOwnerPassword, $s_strPassword, $objWMIBDE, $nProtStatus, $ProtectVar, $objOSSysDriv, $objSWbemServices, $objOS, $coloperatingsystem, $sProtID, $s_strOldOwnerPassword
Dim $argProtect, $argRK, $argEM, $argSMS, $argLOG, $argRO, $argPrompt, $strCurrentUser, $argValid, $i, $strPIN, $objRemovableDrive, $strStatusCode, $strStatusData, $MIF, $strEKP, $strEK
Dim $ActiveDirectoryBackup, $ActiveDirectoryInfoToStore, $RequireActiveDirectoryBackup, $EncryptionMethod, $BackupMandatory, $s_strStartDate, $s_strStartTime, $s_strRetry, $s_strPolicy
Dim $i_TPM_Enabled, $i_TMP_err, $__g_Drive_St, $__g_lDriveType

;~ on error resume next
Dim $_tpmst, $_encst, $systempart, $part_details
$_tpmst = ConnectTPMProv()
$_encst = DriveEncryted()
$systempart = ""
$part_details = ""
getsystempart($systempart, $part_details)

writeXML("C:", $_tpmst & $_encst, "", $systempart, $part_details)

Sleep(1000)
Exit

Func ConnectTPMProv()
;~  on error resume next
    $s_strConnectionStr1 = "winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!root\cimv2\Security\MicrosoftTpm"
    $i_TPM_Enabled = 0
    $i_Encryption_status = 0
    $i_TMP_err = 0
;~  err.clear
    Local $o_objWMITPM = ObjGet($s_strConnectionStr1)
;~  If Err.Number <> 0 Then
    If @error Then
;~ Wscript.Echo "ERROR - Failed to connect to the MicrosoftTPM provider."
        $i_TPM_Enabled = 9
    Else
;~ Wscript.Echo "Connection succeeded to MicrosoftTPM"
        ; There should either be 0 or 1 instance of the TPM provider class

        Local $o_colTpm = $o_objWMITPM.InstancesOf("Win32_Tpm")
        If $o_colTpm.Count = 0 Then
;~ Wscript.Echo "ERROR - Failed get a TPM instance in the provider class. Script is exiting..."
        Else
            ; Get a single instance of the TPM provider class
            Local $o_objTpm = $o_objWMITPM.Get("Win32_Tpm=@")
;~          If Err.Number <> 0 Then
            If @error Then
;~ Wscript.Echo "ERROR - Failed get a TPM instance in the provider class. Script is exiting...(Error: " & Err.Number & ")"
            Else
                $i_TPM_Enabled = 1
;~ Wscript.Echo "Successfully retrieved a TPM instance from the Win32_TPM provider class"
                GetTPMStatus() ; Get the current status of the TPM to determine action
;~ Wscript.Echo "$__g_bIsEnabled:" & $__g_bIsEnabled & "$__g_bIsActivated:" & $__g_bIsActivated & "   $__g_bIsOwned:" & $__g_bIsOwned
                ; The following If statements cause the script to react differently depending on the TPM state

                If $__g_bIsEnabled = "True" And $__g_bIsActivated = "True" And $__g_bIsOwned = "True" Then
;~ Wscript.Echo "TPM is in a ready state to enable BitLocker."
                    $i_TPM_Enabled = 6
                ElseIf $__g_bIsEnabled = "True" And $__g_bIsActivated = "True" And $__g_bIsOwned = "False" Then
;~ Wscript.Echo "TPM ownership is not taken."
                    $i_TPM_Enabled = 5
                ElseIf $__g_bIsEnabled = "True" And $__g_bIsActivated = "False" And $__g_bIsOwned = "False" Then
;~ Wscript.Echo "TPM is turned on but not activated.."
                    $i_TPM_Enabled = 4
                ElseIf $__g_bIsEnabled = "False" And $__g_bIsActivated = "False" And $__g_bIsOwned = "False" Then
;~ Wscript.Echo "TPM is not turned on.."
                    $i_TPM_Enabled = 3
                ElseIf $__g_bIsEnabled = "False" And $__g_bIsActivated = "True" And $__g_bIsOwned = "True" Then
;~ Wscript.Echo "TPM is not enabled"
                    $i_TPM_Enabled = 2
                EndIf
            EndIf
        EndIf
    EndIf
;~  Err.Clear
    Return $i_TPM_Enabled
EndFunc   ;==>ConnectTPMProv

Func DriveEncryted()
;~  on error resume next
    Dim $systempart, $part_details, $s_strDrive, $s_strProtectionStatus, $s_strVolumeId, $_encsts
    $_encsts = 0
    ; Check whether the C: drive is encrypted
    ; WMI connection to Win32_EncryptableVolume, note that this will be only available on devices where BitLocker is enabled
;~ Local $o_objWMIService = ObjGet("winmgmts:\\.\root\CIMV2\Security\MicrosoftVolumeEncryption")
    Local $o_objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!root\cimv2\Security\MicrosoftVolumeEncryption")
;~  If Err.Number <> 0 Then
    If @error Then
;~ Wscript.Echo "ERROR - Failed to connect to the MicrosoftVolumeEncryption provider."
        $_encsts = 9
    Else
        Local $o_colItems = $o_objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume ",0, 48)
        Local $i_teller
        For $o_objItem In $o_colItems
            $i_teller = $i_teller + 1
            $s_strProtectionStatus = $o_objItem.ProtectionStatus
            $s_strDrive = $o_objItem.DriveLetter
            $s_strVolumeId = $o_objItem.PersistentVolumeID
;~ Numeric value that corresponds to the type of disk drive this logical disk represents.
;~ Unknown (0)
;~ No Root Directory(1)
;~ Removable Disk(2)
;~ Local Disk(3)
;~ Network Drive(4)
;~ Compact Disc (5)
;~ RAM Disk (6)
            If GetDriveType($s_strDrive) = 3 Then
;~ Wscript.Echo "$s_strProtectionStatus " & $s_strProtectionStatus
                GetVolName($s_strDrive)
;~ WScript.Echo "2.$systempart  : " & $systempart
;~ WScript.Echo "2.$part_details: " & $part_details
                If $s_strProtectionStatus = "1" Then
                    $_encsts = 1
                EndIf
            EndIf
        Next
        If $i_teller = 0 Then
            $_encsts = 9
        EndIf
    EndIf
    Return $_encsts
EndFunc   ;==>DriveEncryted


Func GetDriveType($DriveLetter)
;~ Wscript.Echo "### Get Disk DriveType for " & $DriveLetter
;~ Enumerating Logical Disk Drive Properties
    $s_strComputer = "."
    Local $o_objWMIService = ObjGet("winmgmts:" _
             & "{impersonationLevel=impersonate}!\\" & $s_strComputer & "\root\cimv2")
    Local $o_colDisks = $o_objWMIService.ExecQuery _
            ("Select * from Win32_LogicalDisk")
    For $o_objDisk In $o_colDisks
        If $o_objDisk.DeviceID = $DriveLetter Then
            GetDriveType = $o_objDisk.DriveType
;~ Wscript.Echo "DeviceID: " & $DriveLetter & "  DriveType:" & GetDriveType
            Exit Function
        EndIf
    Next
;~ Wscript.Echo "! DeviceID: " & $DriveLetter& "  DriveType not found."
EndFunc   ;==>GetDriveType

Func GetVolName($DriveLetter)
;~ Wscript.Echo "### Get Disk DriveType for " & $DriveLetter
;~ Enumerating Logical Disk Drive Properties
    $s_strComputer = "."
    Local $o_objWMIService = ObjGet("winmgmts:" _
             & "{impersonationLevel=impersonate}!\\" & $s_strComputer & "\root\cimv2")
    Local $o_colDisks = $o_objWMIService.ExecQuery _
            ("Select * from Win32_LogicalDisk")
    For $o_objDisk In $o_colDisks
        If $o_objDisk.DeviceID = $DriveLetter Then
            GetVolName = $o_objDisk.VolumeName
;~ Wscript.Echo "DeviceID: " & $DriveLetter & "  info:" & GetVolName
            Exit Function
        EndIf
    Next
;~ Wscript.Echo "! DeviceID: " & $DriveLetter& "  DriveType not found."
EndFunc   ;==>GetVolName

Func ProtectStatus($s_strProtectionStatus)
    Select
        Case $s_strProtectionStatus = 0
            ProtectStatus = "OFF"
        Case $s_strProtectionStatus = 1
            ProtectStatus = "ON"
        Case $s_strProtectionStatus = 2
            ProtectStatus = "Unk"
    EndSelect
EndFunc   ;==>ProtectStatus

Func GetTPMStatus()
;~  on error resume next
;~  Err.Clear
    $i_nRC = $o_objTpm.IsEnabled($__g_bIsEnabled)

    If $i_nRC <> 0 Then
;~ Wscript.Echo "ERROR - The method IsEnabled failed with return code 0x" & Hex($i_nRC)
    EndIf

;~  Err.Clear
    $i_nRC = $o_objTpm.IsActivated($__g_bIsActivated)
    If $i_nRC <> 0 Then
;~ Wscript.Echo "ERROR - The method IsActivated failed with return code 0x" & Hex($i_nRC)
    EndIf

;~  Err.Clear
    $i_nRC = $o_objTpm.IsOwned($__g_bIsOwned)
    If $i_nRC <> 0 Then
;~ Wscript.Echo "ERROR - The method IsOwned failed with return code 0x" & Hex($i_nRC)
    EndIf

    $__g_strStatusTPMState = "TPM found in the following state: Enabled - " & $__g_bIsEnabled & ", Activated - " & $__g_bIsActivated & ", Owned - " & $__g_bIsOwned

EndFunc   ;==>GetTPMStatus

Func getsystempart($systempart, $part_details)
    $s_strComputer = "."
    $systempart = 7
    $part_details = ""
    Local $o_objWMIService = ObjGet("winmgmts:" _
             & "{impersonationLevel=impersonate}!\\" & $s_strComputer & "\root\cimv2")

    Local $o_colItems = $o_objWMIService.ExecQuery("Select * from Win32_Volume")

    For $o_objItem In $o_colItems
;~ WScript.Echo "Caption: " & $o_objItem.Caption & "   Label:" & $o_objItem.Label & "   Size:" & $o_objItem.Capacity & "   " & mid($o_objItem.Caption,2,1)
        $part_details = $part_details & "#" & $o_objItem.Caption & "|" & $o_objItem.Label & "|" & $o_objItem.Capacity
        ; * Didn't work because some had "System" as Label
;~ if $o_objItem.Label = "System Reserved" then
;~  $systempart = 1
;~ EndIf
        ;
        If StringLower(StringMid($o_objItem.Caption, 2, 2)) <> ":" And $o_objItem.Capacity < 20000000000 Then
            $systempart = 1
        EndIf
    Next
;~ WScript.Echo "$systempart  : " & $systempart
;~ WScript.Echo "$part_details: " & $part_details
EndFunc   ;==>getsystempart

Func writeXML($s_strDrive, $i_TPM_Enabled, $s_strVolumeId, $i_Syspart, $s_SyspartDet)
    MsgBox(0, '', _
            "<SOFTWARES>" & @CRLF & _
            "<PUBLISHER>Staples Specific</PUBLISHER>" & @CRLF & _
            "<NAME>Bitlocker_Status</NAME>" & @CRLF & _
            "<VERSION>" & $i_TPM_Enabled & "</VERSION>" & @CRLF & _
            "<FOLDER>" & $s_strDrive & "/</FOLDER>" & @CRLF & _
            "<COMMENTS>" & $s_SyspartDet & "</COMMENTS>" & @CRLF & _
            "<FILENAME>" & $s_strVolumeId & "</FILENAME>" & @CRLF & _
            "<FILESIZE>" & $i_Syspart & "</FILESIZE>" & @CRLF & _
            "<GUID />" & @CRLF & _
            "<LANGUAGE />" & @CRLF & _
            "<INSTALLDATE>2016-05-02 10:30:00</INSTALLDATE>" & @CRLF & _
            "<BITSWIDTH>0</BITSWIDTH>" & @CRLF & _
            "<SOURCE>1</SOURCE>" & @CRLF & _
            "</SOFTWARES>" _
            )
EndFunc   ;==>writeXML

I'm wondering if, in this following line:

Local $o_colItems = $o_objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume ",0, 48)

parameter = 0 is a proper value ?

 

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 *

 

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskSchedulerIE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related:How to get reference to PDF object embeded in IE * IE on Windows 11

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

I also encourage you to check awesome @trancexx code:  * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuffOnHungApp handlerAvoid "AutoIt Error" message box in unknown errors  * HTML editor

winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2023-04-24

  • Moderators
Posted

IIRC parameter 0 is the query language used (been a loong time since vbscript). If you don't leave as default (0), your only other option is "WQL".

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

  • 4 months later...
Posted

I have one other question.
How bit locker works in this specific situation :
I have encrypted SSD drive with my operating system and data.

If MainBoard on this WorkStation crash .... Can I connect the same SSD drive to other computer and unlock this drive on this other computer?
In other words: I want to know if encryption is related to specific WORKSTATION?
If not .... can it be done in this way?

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 *

 

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskSchedulerIE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related:How to get reference to PDF object embeded in IE * IE on Windows 11

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

I also encourage you to check awesome @trancexx code:  * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuffOnHungApp handlerAvoid "AutoIt Error" message box in unknown errors  * HTML editor

winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2023-04-24

  • Developers
Posted (edited)

IT sounds like you first need to do some homework before using bitlocker. ;)

Iam a bit rusty too but am pretty sure there is a recovery key generated, which we stored in the AD, but guess it all depends on how you roll bitlocker out. Either way you will need to save these recovery keys in the AD or somewhere else safe.

Jos

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Posted (edited)

Will this be not enough if I remember the password, on a case when my MainBoard crash?

btw. I know that recovery key is also important to be saved, on case when I forget the password.

Edited by mLipok

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 *

 

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskSchedulerIE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related:How to get reference to PDF object embeded in IE * IE on Windows 11

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

I also encourage you to check awesome @trancexx code:  * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuffOnHungApp handlerAvoid "AutoIt Error" message box in unknown errors  * HTML editor

winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2023-04-24

Posted (edited)

or another case, I hope simpler:

Let's assume that I have pendrive encrytped with bitlocker.
In case when I want to decrypt pendrive content on other WorkStation, what do I need to have/know (password or recovery key), ?

12 minutes ago, Jos said:

IT sounds like you first need to do some homework before using bitlocker.

yes..... :)

 

Edited by mLipok

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 *

 

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskSchedulerIE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related:How to get reference to PDF object embeded in IE * IE on Windows 11

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

I also encourage you to check awesome @trancexx code:  * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuffOnHungApp handlerAvoid "AutoIt Error" message box in unknown errors  * HTML editor

winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2023-04-24

  • Moderators
Posted

If you use Bitlocker on a thumb drive, you're using what is called "Bitlocker To Go", it is not dependent on TPM. When you encrypt the drive you are prompted for where to save your recovery key. When you insert the drive into a different machine you will be presented with a pop up asking for the password (key). Enter this successfully and you will have access to the files; lose it and you are SOL

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Posted

So using TPM , the encrypted drive is related to the specific machine until I use RecoveryKey on other machines?

 

 

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 *

 

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskSchedulerIE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related:How to get reference to PDF object embeded in IE * IE on Windows 11

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

I also encourage you to check awesome @trancexx code:  * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuffOnHungApp handlerAvoid "AutoIt Error" message box in unknown errors  * HTML editor

winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2023-04-24

  • 2 years later...
Posted

Refactored version:

;~ https://www.autoitscript.com/forum/topic/194953-trusted-platform-module-bitlocker

Const $iForAppending = 8
Const $iSetPres = 10
;~ const $HKEY_LOCAL_MACHINE = &H80000002
Const $REG_SZ = 1
Const $REG_EXPAND_SZ = 2
Const $REG_BINARY = 3
Const $REG_DWORD = 4
Const $REG_MULTI_SZ = 7

Global $o_objTpm
Global $__g_bIsEnabled, $__g_bIsActivated, $__g_bIsOwned, $__g_bIsOwnershipAllowed, $__g_objLog, $__g_TakeOwnership, $Enable, $__g_objEnVol, $__g_strStatusTPM, $__g_strStatusBDE, $__g_strStatusTPMState

_Example()
Exit

Func _Example()
;~  Local $o_objGPPT, $s_strOwnerPassword, $s_strPassword, $objWMIBDE, $nProtStatus, $ProtectVar, $objOSSysDriv, $objSWbemServices, $objOS, $coloperatingsystem, $sProtID, $s_strOldOwnerPassword
;~  Local $argProtect, $argRK, $argEM, $argSMS, $argLOG, $argRO, $argPrompt, $strCurrentUser, $argValid, $i, $strPIN, $objRemovableDrive, $strStatusCode, $strStatusData, $MIF, $strEKP, $strEK
;~  Local $ActiveDirectoryBackup, $ActiveDirectoryInfoToStore, $RequireActiveDirectoryBackup, $EncryptionMethod, $BackupMandatory, $s_strStartDate, $s_strStartTime, $s_strRetry, $s_strPolicy
;~  Local $__g_Drive_St, $__g_lDriveType

    Local $_tpmst = ConnectTPMProv()
    Local $_encst = DriveEncryted()
    Local $systempart = ""
    Local $part_details = ""
    getsystempart($systempart, $part_details)

    writeXML("C:", $_tpmst & $_encst, "", $systempart, $part_details)

    Sleep(1000)

EndFunc   ;==>_Example


Func ConnectTPMProv()
    Local $i_TPM_Enabled = 0
;~  Local $i_Encryption_status = 0

;~  Local $i_TMP_err = 0
    Local $s_strConnectionStr1 = "winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!root\cimv2\Security\MicrosoftTpm"
    Local $o_objWMITPM = ObjGet($s_strConnectionStr1)
    If @error Then
        _ConsoleWrite("ERROR - Failed to connect to the MicrosoftTPM provider.")
        $i_TPM_Enabled = 9
    Else
        _ConsoleWrite("Connection succeeded to MicrosoftTPM")
        ; There should either be 0 or 1 instance of the TPM provider class

        Local $o_colTpm = $o_objWMITPM.InstancesOf("Win32_Tpm")
        If $o_colTpm.Count = 0 Then
            _ConsoleWrite("ERROR - Failed get a TPM instance in the provider class. Script is exiting...")
        Else
            ; Get a single instance of the TPM provider class
            Local $o_objTpm = $o_objWMITPM.Get("Win32_Tpm=@")
            #forceref $o_objTpm
            If @error Then
                _ConsoleWrite("ERROR - Failed get a TPM instance in the provider class. Script is exiting...(Error: " & @error & ")")
            Else
                $i_TPM_Enabled = 1
                _ConsoleWrite("Successfully retrieved a TPM instance from the Win32_TPM provider class")
                GetTPMStatus() ; Get the current status of the TPM to determine action
                _ConsoleWrite("$__g_bIsEnabled:" & $__g_bIsEnabled & "$__g_bIsActivated:" & $__g_bIsActivated & "   $__g_bIsOwned:" & $__g_bIsOwned)
                ; The following If statements cause the script to react differently depending on the TPM state

                If $__g_bIsEnabled = "True" And $__g_bIsActivated = "True" And $__g_bIsOwned = "True" Then
                    _ConsoleWrite("TPM is in a ready state to enable BitLocker.")
                    $i_TPM_Enabled = 6
                ElseIf $__g_bIsEnabled = "True" And $__g_bIsActivated = "True" And $__g_bIsOwned = "False" Then
                    _ConsoleWrite("TPM ownership is not taken.")
                    $i_TPM_Enabled = 5
                ElseIf $__g_bIsEnabled = "True" And $__g_bIsActivated = "False" And $__g_bIsOwned = "False" Then
                    _ConsoleWrite("TPM is turned on but not activated..")
                    $i_TPM_Enabled = 4
                ElseIf $__g_bIsEnabled = "False" And $__g_bIsActivated = "False" And $__g_bIsOwned = "False" Then
                    _ConsoleWrite("TPM is not turned on..")
                    $i_TPM_Enabled = 3
                ElseIf $__g_bIsEnabled = "False" And $__g_bIsActivated = "True" And $__g_bIsOwned = "True" Then
                    _ConsoleWrite("TPM is not enabled")
                    $i_TPM_Enabled = 2
                EndIf
            EndIf
        EndIf
    EndIf
    Return $i_TPM_Enabled
EndFunc   ;==>ConnectTPMProv

Func DriveEncryted()
    Local $systempart, $part_details, $s_strDrive, $s_strProtectionStatus, $s_strVolumeId
    #forceref $s_strVolumeId
    Local $_encsts = 0
    ; Check whether the C: drive is encrypted
    ; WMI connection to Win32_EncryptableVolume, note that this will be only available on devices where BitLocker is enabled
    Local $o_objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!root\cimv2\Security\MicrosoftVolumeEncryption")
    If @error Then
        _ConsoleWrite("ERROR - Failed to connect to the MicrosoftVolumeEncryption provider.")
        $_encsts = 9
    Else
        Local $o_colItems = $o_objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume ", 0, 48)
        Local $i_teller
        For $o_objItem In $o_colItems
            $i_teller = $i_teller + 1
            $s_strProtectionStatus = $o_objItem.ProtectionStatus
            $s_strDrive = $o_objItem.DriveLetter
            $s_strVolumeId = $o_objItem.PersistentVolumeID
;~ Numeric value that corresponds to the type of disk drive this logical disk represents.
;~ Unknown (0)
;~ No Root Directory(1)
;~ Removable Disk(2)
;~ Local Disk(3)
;~ Network Drive(4)
;~ Compact Disc (5)
;~ RAM Disk (6)
            If GetDriveType($s_strDrive) = 3 Then
                _ConsoleWrite("$s_strProtectionStatus " & $s_strProtectionStatus)
                GetVolName($s_strDrive)
                _ConsoleWrite("2.$systempart  : " & $systempart)
                _ConsoleWrite("2.$part_details: " & $part_details)
                If $s_strProtectionStatus = "1" Then
                    $_encsts = 1
                EndIf
            EndIf
        Next
        If $i_teller = 0 Then
            $_encsts = 9
        EndIf
    EndIf
    Return $_encsts
EndFunc   ;==>DriveEncryted


Func GetDriveType($DriveLetter)
    _ConsoleWrite("### Get Disk DriveType for " & $DriveLetter)
;~ Enumerating Logical Disk Drive Properties
    Local $s_strComputer = "."
    Local $o_objWMIService = ObjGet("winmgmts:" _
             & "{impersonationLevel=impersonate}!\\" & $s_strComputer & "\root\cimv2")
    Local $o_colDisks = $o_objWMIService.ExecQuery _
            ("Select * from Win32_LogicalDisk")
    For $o_objDisk In $o_colDisks
        If $o_objDisk.DeviceID = $DriveLetter Then
            Local $GetDriveType = $o_objDisk.DriveType
            _ConsoleWrite("DeviceID: " & $DriveLetter & "  DriveType:" & $GetDriveType)
            Return $GetDriveType
        EndIf
    Next
    _ConsoleWrite("! DeviceID: " & $DriveLetter & "  DriveType not found.")
EndFunc   ;==>GetDriveType

Func GetVolName($DriveLetter)
    _ConsoleWrite("### Get Disk DriveType for " & $DriveLetter)
;~ Enumerating Logical Disk Drive Properties
    Local $s_strComputer = "."
    Local $o_objWMIService = ObjGet("winmgmts:" _
             & "{impersonationLevel=impersonate}!\\" & $s_strComputer & "\root\cimv2")
    Local $o_colDisks = $o_objWMIService.ExecQuery _
            ("Select * from Win32_LogicalDisk")
    For $o_objDisk In $o_colDisks
        If $o_objDisk.DeviceID = $DriveLetter Then
            Local $GetVolName = $o_objDisk.VolumeName
            _ConsoleWrite("DeviceID: " & $DriveLetter & "  info:" & $GetVolName)
            Return $GetVolName
        EndIf
    Next
    _ConsoleWrite("! DeviceID: " & $DriveLetter & "  DriveType not found.")
EndFunc   ;==>GetVolName

Func ProtectStatus($s_strProtectionStatus)
    Local $ProtectStatus
    Select
        Case $s_strProtectionStatus = 0
            $ProtectStatus = "OFF"
        Case $s_strProtectionStatus = 1
            $ProtectStatus = "ON"
        Case $s_strProtectionStatus = 2
            $ProtectStatus = "Unk"
    EndSelect
    Return $ProtectStatus
EndFunc   ;==>ProtectStatus

Func GetTPMStatus()
    Local $i_nRC = $o_objTpm.IsEnabled($__g_bIsEnabled)

    If $i_nRC <> 0 Then
        _ConsoleWrite("ERROR - The method IsEnabled failed with return code 0x" & Hex($i_nRC))
    EndIf

    $i_nRC = $o_objTpm.IsActivated($__g_bIsActivated)
    If $i_nRC <> 0 Then
        _ConsoleWrite("ERROR - The method IsActivated failed with return code 0x" & Hex($i_nRC))
    EndIf

    $i_nRC = $o_objTpm.IsOwned($__g_bIsOwned)
    If $i_nRC <> 0 Then
        _ConsoleWrite("ERROR - The method IsOwned failed with return code 0x" & Hex($i_nRC))
    EndIf

    $__g_strStatusTPMState = "TPM found in the following state: Enabled - " & $__g_bIsEnabled & ", Activated - " & $__g_bIsActivated & ", Owned - " & $__g_bIsOwned

EndFunc   ;==>GetTPMStatus

Func getsystempart($systempart, $part_details)
    Local $s_strComputer = "."
    $systempart = 7
    $part_details = ""
    Local $o_objWMIService = ObjGet("winmgmts:" _
             & "{impersonationLevel=impersonate}!\\" & $s_strComputer & "\root\cimv2")

    Local $o_colItems = $o_objWMIService.ExecQuery("Select * from Win32_Volume")

    For $o_objItem In $o_colItems
        _ConsoleWrite("Caption: " & $o_objItem.Caption & "   Label:" & $o_objItem.Label & "   Size:" & $o_objItem.Capacity & "   " & StringMid($o_objItem.Caption, 2, 1))
        $part_details = $part_details & "#" & $o_objItem.Caption & "|" & $o_objItem.Label & "|" & $o_objItem.Capacity
        ; * Didn't work because some had "System" as Label
;~ if $o_objItem.Label = "System Reserved" then
;~  $systempart = 1
;~ EndIf
        ;
        If StringLower(StringMid($o_objItem.Caption, 2, 2)) <> ":" And $o_objItem.Capacity < 20000000000 Then
            $systempart = 1
        EndIf
    Next
    _ConsoleWrite("$systempart  : " & $systempart)
    _ConsoleWrite("$part_details: " & $part_details)
EndFunc   ;==>getsystempart

Func writeXML($s_strDrive, $i_TPM_Enabled, $s_strVolumeId, $i_Syspart, $s_SyspartDet)
    MsgBox(0, '', _
            "<SOFTWARES>" & @CRLF & _
            "<PUBLISHER>Staples Specific</PUBLISHER>" & @CRLF & _
            "<NAME>Bitlocker_Status</NAME>" & @CRLF & _
            "<VERSION>" & $i_TPM_Enabled & "</VERSION>" & @CRLF & _
            "<FOLDER>" & $s_strDrive & "/</FOLDER>" & @CRLF & _
            "<COMMENTS>" & $s_SyspartDet & "</COMMENTS>" & @CRLF & _
            "<FILENAME>" & $s_strVolumeId & "</FILENAME>" & @CRLF & _
            "<FILESIZE>" & $i_Syspart & "</FILESIZE>" & @CRLF & _
            "<GUID />" & @CRLF & _
            "<LANGUAGE />" & @CRLF & _
            "<INSTALLDATE>2016-05-02 10:30:00</INSTALLDATE>" & @CRLF & _
            "<BITSWIDTH>0</BITSWIDTH>" & @CRLF & _
            "<SOURCE>1</SOURCE>" & @CRLF & _
            "</SOFTWARES>" _
            )
EndFunc   ;==>writeXML

Func _ConsoleWrite($sData)
    ConsoleWrite($sData & @CRLF)
EndFunc   ;==>_ConsoleWrite

 

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 *

 

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskSchedulerIE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related:How to get reference to PDF object embeded in IE * IE on Windows 11

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

I also encourage you to check awesome @trancexx code:  * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuffOnHungApp handlerAvoid "AutoIt Error" message box in unknown errors  * HTML editor

winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2023-04-24

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...