security guard

View BitLocker Information Outside of manage-bde

Q: How can I view in the registry the same information that's exposed through manage-bde?

A: The answer is that you can't. BitLocker status information isn't stored in the registry. Manage-bde actually interacts with WMI, specifically Win32_EncryptableVolume, for information about BitLocker. You can use manage-bde to find information about the encryption status of drives. The Microsoft TechNet article "Win32_EncryptableVolume class" includes a complete script example that outputs full BitLocker information, utilizing Win32_EncryptableVolume.

If you're using PowerShell, there are cmdlets built into PowerShell 4.0 that are specific to BitLocker. See the Microsoft TechNet article "BitLocker Cmdlets in Windows PowerShell." As an example, the following PowerShell code displays BitLocker information:

PS C:\> get-bitlockervolume c: | fl

ComputerName : SAVWIN01
MountPoint : C:
EncryptionMethod : Aes128
AutoUnlockEnabled :
AutoUnlockKeyStored : True
MetadataVersion : 2
VolumeStatus : FullyEncrypted
ProtectionStatus : On
LockStatus : Unlocked
EncryptionPercentage : 100
WipePercentage : 0
VolumeType : OperatingSystem
CapacityGB : 223.0537
KeyProtector : {RecoveryPassword, Password}
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish