Tag Archives: windows

Checking Encryption Status of Remote Windows Computers

Using the manage-bde command you can check the Bitlocker encryption status on both the local Windows computer but also remote devices on the local area network. For example, to check the encryption status of the C: drive on the computer “WS12345” the following command could be used

manage-bde -status -computername WS12345 C:

and the results might look something like this:

BitLocker Drive Encryption: Configuration Tool version 10.0.14393
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Computer Name: WS12345

Volume C: [OSDisk]
[OS Volume]

Size:                 237.99 GB
BitLocker Version:    2.0
Conversion Status:    Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method:    AES 256 with Diffuser
Protection Status:    Protection On
Lock Status:          Unlocked
Identification Field: None
Key Protectors:
    Numerical Password
    TPM

Expanding on this we could wrap some PowerShell around the command and read in a list of hostnames from a text file and report on the encryption status of each.

Firstly we need to format the output of manage-bde to only show us the value of the “Conversion Status” field- PowerShell’s string manupulation can come in handy here- we can locate the “Conversion Status” line, check that it is present (if the computer is not on the network, or access is denied the manage-bde command will not return a status), and then trim back the line so we only have the value of the field. For example:

#Check the Encryption Status of the C: drive, filter to the Conversion Status line
$EncryptionStatus=(manage-bde -status -computername "$hostname" C: | where {$_ -match 'Conversion Status'})
#Check a status was returned.
if ($EncryptionStatus)
{
  #Status was returned, tidy up the formatting
  $EncryptionStatus=$EncryptionStatus.Split(":")[1].trim()
}
else
{
  #Status was not returned. Explain why in the output
  $EncryptionStatus="Not Found On Network (or access denied)"
}

Once this is working, it’s just a case of reading in the text file using the get-content cmdlet and outputting a result. The full code (Get-EncryptionStatus.ps1) I used is available for downloading and/or improving on GitHub here- https://github.com/isjwuk/get-encryptionstatus

Microsoft Future Decoded Banner

Microsoft Future Decoded 2015

November 2015 saw the return of Microsoft’s Future Decoded event to the ExCel Center in London. I didn’t make it last year (it was a week after TechEd Europe and I was all Microsofted out!) so I’ve been looking forward to the Tech Day of this event since the registration notice back in May. This is my summary of the day. Continue reading

Using PowerShell to check a folder copied

I’ve had a number of times over the years where I’ve needed to guarantee to someone that their data is unchanged as a result of an IT action- when we’ve migrated servers, replaced disks etc. The detailed, in depth, article by Jeff Hicks over at Petri.com “Hashing it Out in PowerShell: Using Get-FileHash” showed me that a file-hash comparison was possible in Windows without a third party piece of software.

So, inspired by that, here’s a short bit of PowerShell script to check two folders are the same- the folder had been previously copied with a ROBOCOPY /MIR command. The script makes two lists of hashes, one for each folder, and compares the two.

$SourceHash = Get-ChildItem -recurse X:\Folder\ | Get-FileHash
$TargetHash = Get-ChildItem -recurse Y:\Folder\ | Get-FileHash
Compare-Object $SourceHash.Hash $TargetHash.Hash

Or if you want to squish it to one line

Compare-Object (Get-ChildItem -recurse X:\Folder\ | Get-FileHash).Hash (Get-ChildItem -recurse Y:\Folder\ | Get-FileHash).Hash

If the two folders are the same (i.e. the Robocopy worked as it should) then no output is displayed. To check it’s working, adding -includeequal to the end of the Compare-Object line will also output a line for identical files. For example

Compare-Object (Get-ChildItem -recurse X:\Folder\ | Get-FileHash).Hash (Get-ChildItem -recurse Y:\Folder\ | Get-FileHash).Hash -includeequal

This should hopefully be a quick and simple solution for others, check out Jeff Hicks’ article or type get-help get-filehash in a PowerShell window for more in-depth information.

Customisation of Server 2012R2 in VMware ESX 5 VM fails

In VMware ESX 5.0.U2 when deploying a Server 2012R2 VM from a template with customisations applied  the following error message appears:

Customization of the guest operating system ‘windows8Server64Guest’ is not supported in this configuration

Clone Virtual Machine Error Message

The solution (for me at least) is to install VMtools on the template VM and retry the Deploy operation.

Deploy with Group Policy error

When deploying a printer by Group Policy using the Windows Server 2008 R2 “Print Management” application on a Windows Server 2003 Active Directory the following error may appear.

Deploying printer connection ‘\\server\printer’ to per machine GPO ‘GPO_Name’ failed. Please make sure that the schema on the Active Directory domain controller has been updated to support printer connection settings.

This can be resolved by Continue reading