Powershell script to check Bitlocker Status and email if Off

Question

I am trying to make a script that will check the BitLocker status automatically, and then send an email if it is not enabled.

Here is what I have so far:

Get-BitlockerVolume -MountPoint "C:" | Select ProtectionStatus

That shows me the status, but now I am struggling to process the output. I've tried doing it like this:

$OutputVariable = (Get-BitlockerVolume -MountPoint "C:" | Select 
ProtectionStatus)
If ($OutputVariable -like "Off") {Echo "Oops"}
Else {Echo "Wow!"}

Which should output me "Oops" if I'm understanding it correctly, but it keeps showing me "Wow!"

Maybe I am doing it wrong, so I'm looking for some guidance.

Edit:

Thanks to the comments below, I was able to make it work. Here's my full script:

# Bitlocker Script

set-alias ps64 "$env:windir\sysnative\WindowsPowerShell\v1.0\powershell.exe" 
set-alias ps32 "$env:windir\syswow64\WindowsPowerShell\v1.0\powershell.exe"
ps64 {Import-Module BitLocker; Get-BitlockerVolume}
$wmiDomain = Get-WmiObject Win32_NTDomain -Filter "DnsForestName = '$( (Get-WmiObject Win32_ComputerSystem).Domain)'"
$domain = $wmiDomain.DomainName
$OutputVariable = (ps64 {Get-BitlockerVolume -MountPoint "C:"})
If ($OutputVariable.volumestatus -like "FullyEncrypted") 
{
Exit
} 
ElseIf ($OutputVariable.volumestatus -NotLike "FullyEncrypted") 
{
$date = Get-Date
$emailSmtpServer = "smtp.xxx.com"
$emailSmtpServerPort = "xxx"
$emailSmtpUser = "xxx@xxx.nl"
$emailSmtpPass = "xxx"

$emailMessage = New-Object System.Net.Mail.MailMessage
$emailMessage.From = "Report <xxx@xxx.nl>"
$emailMessage.To.Add( "xxx@xxx.net" )
$emailMessage.Subject = "Bitlocker Status Alert | $domain $env:COMPUTERNAME"
$emailMessage.Body = "Bitlocker niet actief op $domain $env:COMPUTERNAME getest op $date"

$SMTPClient = New-Object System.Net.Mail.SmtpClient( $emailSmtpServer , $emailSmtpServerPort )
$SMTPClient.EnableSsl = $true
$SMTPClient.Credentials = New-Object System.Net.NetworkCredential( $emailSmtpUser , $emailSmtpPass );


$SMTPClient.Send( $emailMessage)
}

`Get-BitockerVolume` doesn't just return a string: https://learn.microsoft.com/en-us/powershell/module/bitlocker/get-bitlockervolume?view=win10-ps#outputs — gvee, Feb 26 '18 at 13:51

Mark Wragg · Accepted Answer · 2018-02-26T18:23:00.800

PowerShell returns objects. You use the Select cmdlet to reduce the properties of those objects to ones you're interested in.

As such the following command:

Get-BitlockerVolume -MountPoint "C:" | Select ProtectionStatus

Returns an object with a single "ProtectionStatus" property and as a result comparing that to a string does not result in a match.

You can instead access the property via dot notation (e.g $OutputVariable.protectionstatus) to perform a comparison on its content. Alternatively, you could modify your Select cmdlet to use -ExpandProperty which will return the value of the specified property as an object of its type:

$OutputVariable = Get-BitlockerVolume -MountPoint "C:" | Select -ExpandProperty ProtectionStatus

Another way to achieve the same result would be:

$OutputVariable = (Get-BitlockerVolume -MountPoint "C:").ProtectionStatus

Here the brackets make the cmdlet execute, but then we use dot notation to just return the specified property.

score 2 · Answer 2 · answered Feb 26 '18 at 13:42

2

$OutputVariable = (Get-BitlockerVolume -MountPoint "C:")
If ($OutputVariable.protectionstatus -like "Off") 
{
    Write-Output "Oops"
} 
Else 
{
    Write-Output "Wow!"
}

Try this

answered Feb 26 '18 at 13:42

Vladimir Bundalo

645
8
18

Powershell script to check Bitlocker Status and email if Off

2 Answers2