Detect BitLocker programmatically from c# without admin

Tags: c#, bitlocker

From various threads I've cobbled together how to check for BitLocker programmatically like this:

private void TestBitLockerMenuItem_Click(object sender, RoutedEventArgs e) {
   var path=new ManagementPath(@"\ROOT\CIMV2\Security\MicrosoftVolumeEncryption")
               { ClassName="Win32_EncryptableVolume" };
   var scope=new ManagementScope(path);
   path.Server=Environment.MachineName;
   var objectSearcher=new ManagementClass(scope, path, new ObjectGetOptions());
   foreach (var item in objectSearcher.GetInstances()) {
      MessageBox.Show(item["DeviceID"].ToString()+" "+item["ProtectionStatus"].ToString());
   }
}

But it only works if the process has admin privileges.

It seems odd that any old Windows user can go to Explorer, right-click on a drive, and find out if it has BitLocker turned on, but a program cannot seem to get this done. Does anyone know of a way to do this?

Kevin Donn asked Dec 23 '16 21:12



1 Answer

Windows displays this in the shell by using the Windows Property System in the Win32 API to check the undocumented shell property System.Volume.BitLockerProtection. Your program will also be able to check this property without elevation.

If the value of this property is 1, 3, or 5, BitLocker is enabled on the drive. Any other value is considered off.

During my search for a solution to this problem, I found references to this shell property in HKEY_CLASSES_ROOT\Drive\shell\manage-bde\AppliesTo. Ultimately, this discovery led me to this solution.

The Windows Property System is a low-level API, but you can use the wrapper that's available in the Windows API Code Pack.

Package

Install-Package WindowsAPICodePack

Using

using Microsoft.WindowsAPICodePack.Shell;
using Microsoft.WindowsAPICodePack.Shell.PropertySystem;

Code

IShellProperty prop = ShellObject.FromParsingName("C:").Properties.GetProperty("System.Volume.BitLockerProtection");
int? bitLockerProtectionStatus = (prop as ShellProperty<int?>).Value;

if (bitLockerProtectionStatus.HasValue && (bitLockerProtectionStatus == 1 || bitLockerProtectionStatus == 3 || bitLockerProtectionStatus == 5))
   Console.WriteLine("ON");
else
   Console.WriteLine("OFF");
slypete answered Oct 17 '22 09:10
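An added example, not part of the original answer: the same unelevated shell-property check applied to every fixed and removable drive, as an endpoint compliance check might do. The `BitLockerState` enum and `BitLockerProbe` class are hypothetical names, and reporting a missing value as `Unknown` instead of off is an assumption made here, since the property is undocumented.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using Microsoft.WindowsAPICodePack.Shell;
using Microsoft.WindowsAPICodePack.Shell.PropertySystem;

// Hypothetical names; only the property name and the 1/3/5 rule come from the answer.
enum BitLockerState { Off, On, Unknown }

static class BitLockerProbe
{
    const string PropertyName = "System.Volume.BitLockerProtection";

    // Values the answer treats as "enabled"; any other value counts as off.
    static readonly HashSet<int> EnabledValues = new HashSet<int> { 1, 3, 5 };

    public static BitLockerState Query(string driveRoot)
    {
        try
        {
            // ShellObject wraps COM resources, so dispose it deterministically.
            using (ShellObject drive = ShellObject.FromParsingName(driveRoot))
            {
                IShellProperty prop = drive.Properties.GetProperty(PropertyName);
                int? value = (prop as ShellProperty<int?>)?.Value;
                if (!value.HasValue)
                    return BitLockerState.Unknown; // assumption: no value is not proof of "off"
                return EnabledValues.Contains(value.Value) ? BitLockerState.On : BitLockerState.Off;
            }
        }
        catch (ShellException)
        {
            return BitLockerState.Unknown; // the shell could not resolve this drive
        }
    }

    static void Main()
    {
        foreach (DriveInfo d in DriveInfo.GetDrives())
        {
            if (d.DriveType != DriveType.Fixed && d.DriveType != DriveType.Removable)
                continue; // skip network shares, optical drives, RAM disks
            string root = d.Name.TrimEnd('\\'); // "C:\" -> "C:", the form used in the answer
            Console.WriteLine($"{root} {Query(root)}");
        }
    }
}
```

A drive reported as `Unknown` should be confirmed by another means, such as the elevated WMI query from the question, before it is recorded as unencrypted.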