Bitlocker
Summary
These roles are responsible for determining whether a Windows Server is eligible for BitLocker.
Settings
| Role Name | Detection String | Comparator | Result | Applicable OS |
|---|---|---|---|---|
| Windows Server BitLocker | %@powershell.exe -nologo -noprofile -command "(Get-WindowsOptionalFeature -Online -FeatureName BitLocker).state"@% | Equals | Enabled | Windows |
| Windows Server BitLocker-Utilities | %@powershell.exe -nologo -noprofile -command "(Get-WindowsOptionalFeature -Online -FeatureName Bitlocker-Utilities).state"@% | Equals | Enabled | Windows |
| Windows Server BitLocker-RemoteAdminTool | %@powershell.exe -nologo -noprofile -command "(Get-WindowsOptionalFeature -Online -FeatureName BitLocker-RemoteAdminTool).state"@% | Equals | Enabled | Windows |
How to Implement
Run the SQL commands below from RAWSQL to import these roles:
insert into `roledefinitions` (`RoleName`, `RoleType`, `RoleSubType`, `DetectionString`, `ComparisonOperator`, `ComparisonResult`, `SerialKeyString`, `ProductKeyString`, `RoleDetectionGuid`, `IsRemote`, `SearchId`, `IsSupport`, `ParentRoleDefinitionGuid`, `OsType`) values('Windows Server BitLocker','PowerShell','Role','%@powershell.exe -nologo -noprofile -command "(Get-WindowsOptionalFeature -Online -FeatureName BitLocker).state"@%','eq','Enabled','','','91266161-a2ad-11ef-8f2a-8600008a66b7','1','0','0','','1');
insert into `roledefinitions` (`RoleName`, `RoleType`, `RoleSubType`, `DetectionString`, `ComparisonOperator`, `ComparisonResult`, `SerialKeyString`, `ProductKeyString`, `RoleDetectionGuid`, `IsRemote`, `SearchId`, `IsSupport`, `ParentRoleDefinitionGuid`, `OsType`) values('Windows Server BitLocker-Utilities','PowerShell','Role','%@powershell.exe -nologo -noprofile -command "(Get-WindowsOptionalFeature -Online -FeatureName Bitlocker-Utilities).state"@%','eq','Enabled','','','618da03f-a2ba-11ef-8f2a-8600008a66b7','1','0','0','','1');
insert into `roledefinitions` (`RoleName`, `RoleType`, `RoleSubType`, `DetectionString`, `ComparisonOperator`, `ComparisonResult`, `SerialKeyString`, `ProductKeyString`, `RoleDetectionGuid`, `IsRemote`, `SearchId`, `IsSupport`, `ParentRoleDefinitionGuid`, `OsType`) values('Windows Server BitLocker-RemoteAdminTool','PowerShell','Role','%@powershell.exe -nologo -noprofile -command "(Get-WindowsOptionalFeature -Online -FeatureName BitLocker-RemoteAdminTool).state"@%','eq','Enabled','','','8be25675-a2ba-11ef-8f2a-8600008a66b7','1','0','0','','1');