How can I check bitlocker status powershell?

4.2K    Asked by ankur_3579 in Cyber Security , Asked on Feb 9, 2022

All machines from my network should have BitLocker successfully applied to them. Is there a way that I can remotely query the machines to see if:Bitlocker has been enabled, Bitlocker has fully encrypted the drive. Ideally I am looking for a way to do it without admin rights.


Answered by Anil Mer

To check Bitlocker status PowerShell command, you can check the BitLocker status on a volume:


Manage-bde -status -cn  
Where the -cn argument is optional. Examples:
Manage-bde -status C:
Manage-bde -status -cn 192.168.1.2 C:
The command can also be run remotely.
Reference: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ff829849(v=ws.11)


Your Answer

Answer (1)

To check the BitLocker status on a drive using PowerShell, you can use the Get-BitLockerVolume cmdlet, which is part of the BitLocker module. Here are the steps to check the BitLocker status:

1. Open PowerShell

Press Win + X and select Windows PowerShell or Windows PowerShell (Admin) to open PowerShell with administrative privileges.

You can also search for "PowerShell" in the Start menu, right-click it, and select "Run as administrator."

2. Use the Get-BitLockerVolume Cmdlet

To check the BitLocker status of all drives, use the following command:

  Get-BitLockerVolume

This command will display information about all BitLocker volumes, including their status, encryption method, and more.

3. Check Status for a Specific Drive

If you want to check the status of a specific drive, use the -MountPoint parameter:

  Get-BitLockerVolume -MountPoint "C:"

Replace "C:" with the drive letter of the drive you want to check.

4. Interpret the Output

  • The output will include several properties, such as:
  • VolumeType: The type of volume (e.g., Operating System Volume, Data Volume).
  • MountPoint: The drive letter.
  • EncryptionMethod: The encryption algorithm used.
  • ProtectionStatus: Indicates whether BitLocker protection is on or off.
  • VolumeStatus: Indicates the overall status of the volume (e.g., Fully Encrypted, Encryption In Progress).

Example Output

Here is an example of what the output might look like:

VolumeType : Operating System Volume

MountPoint : C:

EncryptionMethod : XtsAes256

ProtectionStatus : On

LockStatus : Unlocked

VolumeStatus : FullyEncrypted

Summary

To check the BitLocker status on a drive using PowerShell, follow these steps:

  • Open PowerShell with administrative privileges.
  • Use Get-BitLockerVolume to get the status of all drives:

  Get-BitLockerVolume

To check a specific drive, use:

  Get-BitLockerVolume -MountPoint "C:"

Review the output to determine the BitLocker status.

By using these commands, you can easily check the BitLocker status on your drives.










6 Months

Interviews

Parent Categories