colombeen Posted August 16, 2018 (edited)

Hi guys,

I'm trying to get some information using WMI, from the Win32_EncryptableVolume class. I exec my query, filter out the C-drive, but when I need more info using the object's methods, I only get 1 value back and I can't seem to retrieve the other out params that should be there.

A very minimal version of what I'm trying to do (no error checking etc, very basic). You need to start SciTE as admin or you won't see any results in the console!

    #RequireAdmin

    $strComputer = @ComputerName
    $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption")
    $objWMIQuery = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume WHERE DriveLetter='C:'", "WQL", 0)

    For $objDrive In $objWMIQuery
        ConsoleWrite("> " & $objDrive.GetConversionStatus() & @CRLF)
        ConsoleWrite("> " & $objDrive.GetConversionStatus().ConversionStatus & @CRLF)
        ConsoleWrite("> " & $objDrive.GetConversionStatus().EncryptionPercentage & @CRLF)
    Next

The result from the console is:

    > 0
    >
    >

What I'm expecting to get back is:

    > 0
    > 0
    > 0

When using powershell I get this (run as admin is required!!!):

    PS C:\WINDOWS\system32> (Get-WmiObject -namespace "Root\cimv2\security\MicrosoftVolumeEncryption" -ClassName "Win32_Encryptablevolume" -Filter "DriveLetter='C:'").GetConversionStatus()

    ...
    ConversionStatus     : 0
    EncryptionFlags      : 0
    EncryptionPercentage : 0
    ReturnValue          : 0
    ...

All I seem to be getting is the ReturnValue when I use the method. I've tried this on multiple methods, always ending up with the same result.

Anyone here who has experience with this type of thing?

Greetz
colombeen

Edited August 22, 2018 by colombeen

Juvigy Posted August 17, 2018

Try this:

    global $a,$b,$c
    $strComputer = @ComputerName
    $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption")
    $objWMIQuery = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume WHERE DriveLetter='C:'", "WQL", 0)

    For $objDrive In $objWMIQuery
        $res = $objDrive.GetConversionStatus($a,$b,$c)
        ConsoleWrite("> " & $res & @CRLF)
        ConsoleWrite("> " & $a & @CRLF)
        ConsoleWrite("> " & $b & @CRLF)
        ConsoleWrite("> " & $c & @CRLF)
    Next
    Exit

And here is the documentation:

    uint32 GetConversionStatus(
      [out] uint32 ConversionStatus,
      [out] uint32 EncryptionPercentage,
      [out] uint32 EncryptionFlags,
      [out] uint32 WipingStatus,
      [out] uint32 WipingPercentage,
      [in]  uint32 PrecisionFactor
    );

colombeen Posted August 17, 2018 (edited)

On 17-8-2018 at 11:14 AM, Juvigy said:

> Try this:
>
>     global $a,$b,$c
>     $strComputer = @ComputerName
>     $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption")
>     $objWMIQuery = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume WHERE DriveLetter='C:'", "WQL", 0)
>
>     For $objDrive In $objWMIQuery
>         $res = $objDrive.GetConversionStatus($a,$b,$c)
>         ConsoleWrite("> " & $res & @CRLF)
>         ConsoleWrite("> " & $a & @CRLF)
>         ConsoleWrite("> " & $b & @CRLF)
>         ConsoleWrite("> " & $c & @CRLF)
>     Next
>     Exit

I'll definitely try that out!

Edited August 21, 2018 by colombeen

colombeen Posted August 17, 2018 (edited)

Mhhmmnn... Some of the values that I get back aren't what I'm expecting.

I'll just show you guys what I'm working on (FYI: it's far from ready, but the end result will be shared):

    ; newer version in latest post

When I run this the $intWipingStatus contains "-1", but in powershell I get this value "4294967295", while the documentation shows that it could only be an int between 0 and 3

https://docs.microsoft.com/en-us/windows/desktop/secprov/getconversionstatus-win32-encryptablevolume

Any idea?

Edited August 19, 2018 by colombeen

colombeen Posted August 18, 2018 (edited)

Guessing it's not a very popular subject.

Another thing that frustrates me is the return value of the "IsAutoUnlockKeyStored"-method (I'm not talking about the out param, just the return value).

The documentation shows

    uint32 IsAutoUnlockKeyStored(
      [out] boolean IsAutoUnlockKeyStored
    );

And the return values should be

    Return code/value           Description
    --------------------------------------------------------------------------
    S_OK                        The method was successful.
    0 (0x0)

    FVE_E_NOT_ACTIVATED         BitLocker is not enabled on the volume.
    2150694920 (0x80310008)     Add a key protector to enable BitLocker.

    FVE_E_NOT_OS_VOLUME         The method can only be run for the currently
    2150694952 (0x80310028)     running operating system volume.

But then why do I keep getting "-2144272376"?

Is there some kind of conversion I'm forgetting or is MS just screwing me over?

Edited August 18, 2018 by colombeen

ripdad Posted August 18, 2018

-2144272376 converts to 0x80310008 (FVE_E_NOT_ACTIVATED)

    MsgBox(0, '', '0x' & Hex(-2144272376))

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

colombeen Posted August 18, 2018 (edited)

3 minutes ago, ripdad said:

> -2144272376 converts to 0x80310008 (FVE_E_NOT_ACTIVATED)
>
>     MsgBox(0, '', '0x' & Hex(-2144272376))

YOU ARE A LIFE SAVER

But I'm still not sure what to do with the -1 I'm getting from the $intWipingStatus :-s

Edited August 18, 2018 by colombeen

ripdad Posted August 18, 2018

-1 in WMI usually means: UNKNOWN

In powershell... 4294967295 converts to 0xFFFFFFFF which usually means allow or enabled and 0x00000000 usually means disabled.

Not 100% sure this is the case for your issue though.
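
An added example, not part of any post in this thread: the posts above show AutoIt reporting the uint32 results of the Win32_EncryptableVolume methods as negative numbers, and this sketch turns such values back into the unsigned and 0x-prefixed forms that the documentation and PowerShell show. The helper names `_U32`, `_HResultHex` and `_FveName` are hypothetical, only the return codes quoted in the thread are mapped, and the sample values are embedded in the script.

```autoit
; Added example, not code from the thread. Helper names are hypothetical.

; Unsigned 32-bit value of a number AutoIt reports as a signed 32-bit integer.
Func _U32($iSigned)
    If $iSigned < 0 Then Return $iSigned + 4294967296 ; add 2^32
    Return $iSigned
EndFunc   ;==>_U32

; The same 32 bits in the 0x-prefixed form used by the documentation.
Func _HResultHex($iSigned)
    Return "0x" & Hex(Int($iSigned), 8)
EndFunc   ;==>_HResultHex

; Name for the return codes quoted in the thread; anything else stays unnamed.
Func _FveName($iSigned)
    Switch _HResultHex($iSigned)
        Case "0x00000000"
            Return "S_OK"
        Case "0x80310008"
            Return "FVE_E_NOT_ACTIVATED"
        Case "0x80310028"
            Return "FVE_E_NOT_OS_VOLUME"
        Case Else
            Return "(not named in this thread)"
    EndSwitch
EndFunc   ;==>_FveName

; Sample values: 0 and -2144272376 come from the posts; -2144272344 is
; constructed (the signed form of 0x80310028); -1 is the WipingStatus value
; reported above. It is an out param, not a return code, so only its
; unsigned form (the number PowerShell printed) is of interest.
Local $aSamples[4] = [0, -2144272376, -2144272344, -1]

For $iValue In $aSamples
    ConsoleWrite($iValue & " -> " & _U32($iValue) & " -> " & _HResultHex($iValue) & " -> " & _FveName($iValue) & @CRLF)
Next
```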

colombeen Posted August 18, 2018 (edited)

23 hours ago, ripdad said:

> -1 in WMI usually means: UNKNOWN
>
> In powershell... 4294967295 converts to 0xFFFFFFFF which usually means allow or enabled and 0x00000000 usually means disabled.
>
> Not 100% sure this is the case for your issue though.

I was coming to the same conclusion as well on the -1 being UNKNOWN in most cases. I've added it to my array as the first item and just +1 the result I get for now

    ; newer version in latest post

If anyone who is using bitlocker could test this out (and post back the results), it would be greatly appreciated!

Edited August 19, 2018 by colombeen

colombeen Posted August 19, 2018 (edited)

I've made some more changes. I'm hoping it will work (can't test it here, I'm not allowed to encrypt my system just yet).

If anyone is willing to test my script (doesn't matter if your system is or isn't using bitlocker, you just need WinVista or newer), please let me know what the result was so that I can fix bugs etc before I implement it (and also share it here of course).

Please run SciTE as admin, otherwise you won't see the errors etc in the console

    ; newer version in latest post

Also, I'm not sure if it's possible to read this information remotely because of safety precautions by MS.

This is my result:

My console output:

    !> GetConversionStatus 0x00000000
    !> GetEncryptionMethod 0x00000000
    !> GetKeyProtectors 0x00000000
    !> GetLockStatus 0x00000000
    !> GetProtectionStatus 0x00000000
    !> IsAutoUnlockEnabled 0x80310008
    !> IsAutoUnlockKeyStored 0x80310008

EDIT: I had a little issue that the secondary pop-up didn't show because I forgot to change $test[0][11] to $test[0][12] when I added another item to the array.

Edited August 20, 2018 by colombeen (bugfix)

Juvigy Posted August 20, 2018

This is the output of your script:

    !> GetConversionStatus 0x00000000
    !> GetEncryptionMethod 0x00000000
    !> GetKeyProtectors 0x00000000
    !> GetLockStatus 0x00000000
    !> GetProtectionStatus 0x00000000
    !> IsAutoUnlockEnabled 0x80310019
    !> IsAutoUnlockKeyStored 0x00000000
    "C:\Documents and Settings\delchevs\Desktop\COM fixes\BitLocker.au3" (58) : ==> The requested action with this object has failed.:
    $aResult[$iRow][1] = $aVolumeTypeMsg[$objDrive.VolumeType]
    $aResult[$iRow][1] = $aVolumeTypeMsg[$objDrive^ ERROR

And if I run the example script from my first post I get:

    > 0
    > 1
    > 100
    >

I am using win7 and have bitlocker.

colombeen Posted August 20, 2018 (edited)

    ; newer version in latest post

This is an attempt to fix the missing properties in Win7

Edited August 21, 2018 by colombeen

Juvigy Posted August 20, 2018

Now it works.

    C:|Operating System Volume|Unkown|Protected|Unlocked|False|False|Fully Encrypted|AES_256|100|Free Space Not Wiped||{Array}
    {CF607D86-743D-4E29-8FF2-A49D0D7AB820}|Numerical password
    {B1AA7EF7-AC39-4D21-A278-B12EA6AA5F2B}|Trusted Platform Module (TPM)
    !> GetConversionStatus 0x00000000
    !> GetEncryptionMethod 0x00000000
    !> GetKeyProtectors 0x00000000
    !> GetLockStatus 0x00000000
    !> GetProtectionStatus 0x00000000
    !> IsAutoUnlockEnabled 0x80310019
    !> IsAutoUnlockKeyStored 0x00000000

colombeen Posted August 20, 2018 (edited)

Awesome! I'll still need to fix some things but I'm getting there

EDIT: I've added a few checks to make sure everything works fine, I'm not noticing a lot of performance loss.

    ; newer version in latest post

Edited August 22, 2018 by colombeen

colombeen Posted August 21, 2018

I'm just having one last issue before I can post the "final" version in the example scripts

I need to add

    #AutoIt3Wrapper_Au3Check_Parameters=-d -w 1 -w 2 -w 3 -w- 4 -w 5 -w 6 -w- 7

But the changes I need to make so that my script will still work is what I can't figure out.

This is the part that will show errors:

    If IsArray($aVolumeKeyProtectorID) And UBound($aVolumeKeyProtectorID) > 0 Then
        Local $aVolumeKeyProtectors[UBound($aVolumeKeyProtectorID)][2], $iKeyProtectorType

        For $i = 0 To UBound($aVolumeKeyProtectorID) - 1
            $aVolumeKeyProtectors[$i][0] = $aVolumeKeyProtectorID[$i]

            If _WMIMethodExists($objDrive, "GetKeyProtectorType") Then
                If $objDrive.GetKeyProtectorType($aVolumeKeyProtectorID[$i], $iKeyProtectorType) = 0 Then
                    $aVolumeKeyProtectors[$i][1]= $aKeyProtectorTypeMsg[$iKeyProtectorType]
                Else
                    $aVolumeKeyProtectors[$i][1]= "Unknown"
                EndIf
            Else
                $aVolumeKeyProtectors[$i][1] = "Unknown"
            EndIf
        Next
    Else
        Local $aVolumeKeyProtectors = "None"
    EndIf

I declare the $aVolumeKeyProtectors 2 times, which I know is wrong, even more so when you put it inside of a loop.

Any suggestions? I can't seem to figure it out

LarsJ Posted August 22, 2018

It's easy if you know how to do it:

    Local $aVolumeKeyProtectors
    If IsArray($aVolumeKeyProtectorID) And UBound($aVolumeKeyProtectorID) > 0 Then
        Dim $aVolumeKeyProtectors[UBound($aVolumeKeyProtectorID)][2]
        Local $iKeyProtectorType
        ; ...
    Else
        $aVolumeKeyProtectors = "None"
    EndIf

colombeen Posted August 22, 2018 (edited)

3 hours ago, LarsJ said:

> It's easy if you know how to do it:
>
>     Local $aVolumeKeyProtectors
>     If IsArray($aVolumeKeyProtectorID) And UBound($aVolumeKeyProtectorID) > 0 Then
>         Dim $aVolumeKeyProtectors[UBound($aVolumeKeyProtectorID)][2]
>         Local $iKeyProtectorType
>         ; ...
>     Else
>         $aVolumeKeyProtectors = "None"
>     EndIf

Is it that simple? I'll try that out! Thx!

EDIT: Just tried it, WORKS LIKE A CHARM!

I moved the script to the examples :

Edited August 22, 2018 by colombeen