BitLocker Compliance and Policy Reporting with SCCM
If you are looking for a comprehensive BitLocker report, look no more…
🚨🚨 IMPORTANT NOTICE🚨🚨
🦄 We moved to our brand new blog at MEM.Zone 🦄
🚨🚨 IMPORTANT NOTICE🚨🚨
My vague promises of publishing a BitLocker report based on HWI seem to have come true. This is a complete report that also displays BitLocker GPO settings. In order to get the BitLocker and Policy data, you need to extend the SCCM Hardware Inventory. If you don’t want to do that you can use my BitLocker Configuration Baseline together with the Baseline Report with Actual Values.
Notes
ALWAYS BACK-UP YOUR CONFIGURATION.MOF FILE BEFORE ANY CHANGES!
TEST THE CONFIGURATION.MOF USING MOFCOMP.EXE ON A TEST MACHINE FIRST!
HWI EXTENSION NEEDS TO BE DONE ON THE TOP OF YOUR HIERARCHY, CAS IF YOU USE ONE, PSS IF YOU DON’T.
Add SQL extensions to the Configuration.mof file
You can find the the Configuration.mof file in <CMInstallLocation>\Inboxes\clifiles.src\hinv\
Look for the following section at the end of the Configuration.mof file:
//========================
// Added extensions start
//========================//========================
// Added extensions end
//========================
Inside this section paste the following extensions:
BitLocker Status extension
BitLocker Policy extension
Notes
Never create any extensions outside of the “Added extensions start/end” headers.
Try to have consistent formatting inside these headers.
Never modify anything outside these headers.
Watch for other previous extensions and use clear delimitation between them.
Test and Implement HWI extension
Use mofcomp.exe to check if configuration.mof was correctly modified, and implement the changes.
Compiling the configuration.mof file in the hinv folder on the CAS/PSS, will trigger the distribution and compilation on all machines in your environment.
Either use a test environment or compile the file on a test machine first. After the file complies successfully you can check the WMI to see if the classes were created.
Compile configuration.mof
## Check syntax
mofcomp.exe -check {Configuration.mof Location}\Configuration.mof## Compile file
/*
Compiling the configuration.mof file in the hinv folder on the CAS/PSS, will trigger the distribution and compilation on all machines in your environment.
*/mofcomp.exe {Configuration.mof Location}\Configuration.mof
Check WMI for the new classes
## Check if the new classes are present in WMI# Get BitLocker Status class
Get-CimClass -ClassName Win32_EncryptableVolume_Ext# Get BitLocker Policy class
Get-CimClass -ClassName Win32Reg_BitLockerPolicy
Implement changes on the CAS/PSS
Compile the configuration.mof file
## Compile file
/*
Compiling the configuration.mof file in the hinv folder on the CAS/PSS, will trigger the distribution and compilation on all machines in your environment.
*/mofcomp.exe <CMInstallLocation>\Inboxes\clifiles.src\hinv\Configuration.mof
Import the new HWI definitions
You need to add the new class definitions to the Default Client Settings.
Download definitions
## BitLocker Status
HWI DEF Win32_EncryptableVolume_Ext.mof## BitLocker Policy
HWI DEF Win32Reg_BitlockerPolicy.mof
Import definitions
Import the SSRS Report
The report has two parts, one main report and a policy sub-report. If you rename the sub-report you will have to change the hard coded value in the main report. Report and sub-report need to be located in the same folder.
Download the report files
## BitLocker Main Report
SEC Bitlocker Compliance and Policy.rdl## BitLocker Policy Sub-Report
SR Display Formatted Text.rdl
Upload reports to SSRS
- Start Internet Explorer and navigate to http://YOUR_REPORT_SERVER_FQDN/Reports
- Choose a path and upload the previously downloaded report files.
Configure imported reports
- Replace the DataSource in the reports.
- If you don’t add a logo, delete the placeholder on the top left.
Notes
This report was created with SQL 2014 Reporting Services, you might need to remove some report elements if you use an older version.
Report Query
For reference only, since the report includes this query.
Report Preview
Please, Subscribe and Clap for this article! It makes a difference. Thanks!
Use Github for 🐛 reporting, or 🌈 and🦄 requests