BitLocker and TPM Audit

Description

This script performs a comprehensive audit of the machine's security posture regarding disk encryption and hardware security. It executes two main functions:

  1. BitLocker Audit (Get-BitLockerDetail):

    • Prerequisite Check: Verifies the presence of the 'BitLocker' module and necessary OS features.
    • Data Collection: Scans all volumes using Get-BitLockerVolume. It handles complex configurations by flattening volumes with multiple key protectors into individual rows.
    • Formatting: Generates a stylized HTML table containing granular details such as Mount Point, Encryption Method, Protection Status, Key Protector IDs, Recovery Passwords, and timestamps.
    • Storage: Populates the cPVAL BitLocker Info custom field and sets the cPVAL BitLocker Enabled for System Drive flag if the OS drive is protected.
  2. TPM Audit (Get-TPMDetail):

    • Prerequisite Check: Verifies the 'TrustedPlatformModule' module.
    • Data Collection: Retrieves hardware security details using Get-Tpm.
    • Formatting: Generates a stylized HTML table covering Manufacturer ID, AutoProvisioning status, Lockout counters, and TpmReady/Enabled states, including a 'DataCollectionTime' timestamp.
    • Storage: Populates the cPVAL TPM Info custom field.
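The BitLocker half of the procedure above, as an added example that is not the script from this page: it flattens each volume into one row per key protector, renders the HTML table with ConvertTo-Html, and sets the two custom fields. The NinjaOne Ninja-Property-Set cmdlet and the machine-readable field names are assumed; substitute the field names as configured.

```powershell
# Added example, not the page's script. Assumes the NinjaOne agent's Ninja-Property-Set
# cmdlet and these (assumed) custom field names; adjust to the fields' configured names.
$InfoField   = 'cpvalBitLockerInfo'                    # assumed name for "cPVAL BitLocker Info"
$SysDrvField = 'cpvalBitLockerEnabledForSystemDrive'   # assumed name for the checkbox field

function Get-BitLockerDetail {
    # Prerequisite check: the module is absent when the Windows feature is not installed
    if (-not (Get-Module -ListAvailable -Name BitLocker)) {
        throw "BitLocker module not found; install the BitLocker Drive Encryption feature."
    }
    Import-Module BitLocker -ErrorAction Stop

    $volumes = Get-BitLockerVolume -ErrorAction Stop
    $stamp   = (Get-Date).ToString('s')

    # Flatten: one row per key protector; a volume with no protectors keeps one row
    $rows = foreach ($vol in $volumes) {
        $protectors = if ($vol.KeyProtector.Count -gt 0) { $vol.KeyProtector } else { @($null) }
        foreach ($kp in $protectors) {
            [pscustomobject]@{
                MountPoint         = $vol.MountPoint
                VolumeType         = $vol.VolumeType
                EncryptionMethod   = $vol.EncryptionMethod
                VolumeStatus       = $vol.VolumeStatus
                ProtectionStatus   = $vol.ProtectionStatus
                KeyProtectorType   = if ($kp) { $kp.KeyProtectorType } else { 'None' }
                KeyProtectorId     = if ($kp) { $kp.KeyProtectorId } else { '' }
                RecoveryPassword   = if ($kp -and $kp.RecoveryPassword) { $kp.RecoveryPassword } else { '' }
                DataCollectionTime = $stamp
            }
        }
    }

    # "Protected" means protectors are active. A FullyEncrypted OS volume whose
    # protection is suspended reports ProtectionStatus 'Off' and must not set the flag.
    $osProtected = [bool]($volumes | Where-Object {
        $_.VolumeType -eq 'OperatingSystem' -and $_.ProtectionStatus -eq 'On'
    })

    # ConvertTo-Html HTML-encodes cell values, so a volume label cannot inject markup
    # into the WYSIWYG field.
    $style = '<style>table{border-collapse:collapse}td,th{border:1px solid #999;padding:4px}</style>'
    $html  = ($rows | ConvertTo-Html -Fragment) -join "`n"

    Ninja-Property-Set $InfoField ($style + $html)
    Ninja-Property-Set $SysDrvField ([int]$osProtected)   # assumes 1/0 for a checkbox field
    return $rows
}

Get-BitLockerDetail | Format-Table MountPoint, VolumeType, ProtectionStatus, KeyProtectorType
```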

Note:

  • This script is only compatible with Windows devices.
  • On servers, the BitLocker Drive Encryption feature must be enabled before auditing; the script will not work without it.
  • The TPM audit still runs even if the BitLocker audit fails.

Requirements

  • PowerShell v5

Sample Run

[Screenshot of a sample run]

Dependencies

Custom Fields

Field Label | Scope | Type | Description
cPVAL BitLocker Info | Device | WYSIWYG (HTML Table) | Stores the HTML-formatted inventory of BitLocker volumes and protectors.
cPVAL BitLocker Enabled for System Drive | Device | Checkbox | Flag indicating whether the Operating System drive is encrypted.
cPVAL TPM Info | Device | WYSIWYG (HTML Table) | Stores the HTML-formatted detailed status of the Trusted Platform Module (TPM).

Automation Setup/Import

Automation Configuration

Output

  • Activity Logs
  • Custom Fields
    • cPVAL BitLocker SysDrive Enabled [screenshot]
    • cPVAL BitLocker Info [screenshot]
    • cPVAL TPM Info [screenshot]