-2

I'm trying to write a script, but I'm really bad at writing batch scripts. I'm trying to create a script that recognizes local hard drives and puts the letters of those hard drives in a variable, and after that I use that variable in another for loop to decrypt the hard drive if it's encrypted.

Example:

```batch
:check
for /f "tokens=2 delims==" %%d in ('wmic logicaldisk where "drivetype=3" get name /format:value') do (
set vvv=%%d
for /f "tokens=1,*" %%A in ('manage-bde -status %vvv% ^| findstr Conversion') do set var1=%%B
Rem  Try to find if value is Encrypted or not
echo %vb1%|find "Encrypted" >nul
if errorlevel 1 ( goto :check) else ( goto :decrypt_c))
```
Matija92
  • Rather than reinvent the wheel, search out the dozens of duplicate questions for the situation you are trying to solve and make an attempt to utilise one or more of the accepted solutions. Capture command [output in a variable](https://stackoverflow.com/questions/6359820/how-to-set-commands-output-as-a-variable-in-a-batch-file). List [Local hard Drives](https://stackoverflow.com/questions/29484348/batch-script-to-list-local-hard-drives-and-then-do-a-dir-command-on-each-drive). – T3RR0R Oct 01 '20 at 14:03
  • Note also there is no reason to assign command output to a variable within a for loop if you are not modifying it or using it outside of the for loop – T3RR0R Oct 01 '20 at 14:03

2 Answers

0

Perhaps you'd be better off using the Win32_EncryptableVolume Class.

This example will create variables, e.g. %EncryptedDriveLetter[1]%, %EncryptedDriveLetter[2]%, %EncryptedDriveLetter[3]% etc., with the respective content of e.g. C:, E:, F:

```batch
@Echo Off & SetLocal EnableExtensions DisableDelayedExpansion
For /F Delims^== %%G In ('2^> NUL Set EncryptedDriveLetter[')Do Set "%%G="
For /F Delims^= %%G In ('^""%SystemRoot%\System32\wbem\WMIC.exe" ^
 /NameSpace:\\root\CIMv2\Security\MicrosoftVolumeEncryption Path ^
 Win32_EncryptableVolume Where ^
 "ConversionStatus!='0' And EncryptionMethod!='0' And VolumeType<'2'" ^
 Get DriveLetter 2^> NUL ^| "%SystemRoot%\System32\find.exe" ":"^"'
)Do (Set /A i+=1 & SetLocal EnableDelayedExpansion
    For %%H In (!i!) Do EndLocal & Set "EncryptedDriveLetter[%%H]=%%G")
Set EncryptedDriveLetter[ & Pause
```

Notes: This must be run 'As administrator', and the last line is included just to provide some visual output. You would, of course, replace that with the rest of your script.


Just to be sure that you understand why I provided this methodology: if you were simply wanting to decrypt the encrypted drives, you don't need a for loop, or variables, or manage-bde. You would just change the Get method to Call and use Decrypt.

For example:

```batch
@"%SystemRoot%\System32\wbem\WMIC.exe" /NameSpace:\\root\CIMv2\Security\MicrosoftVolumeEncryption Path Win32_EncryptableVolume Where "ConversionStatus!='0' And EncryptionMethod!='0' And VolumeType<'2'" Call Decrypt
```

Just to mention, if the protection status prior to decryption was 1, i.e. Protection On, upon successful completion the protection status will be changed to 0, i.e. Protection Off.

Compo
  • Thanks again Compo! But can you give me advice on how to resolve the problem with putting a variable into a command? I would like to understand how to use variables from a FOR loop and put them further into some command. `@echo off SETLOCAL ENABLEDELAYEDEXPANSION for /f "tokens=2 delims==" %%d in ('wmic logicaldisk where "drivetype=3" get name /format:value') do ( Set vvv=%%d echo !vvv! manage-bde -off %vvv%) pause` – Matija92 Oct 05 '20 at 06:58
  • `@echo off SETLOCAL ENABLEDELAYEDEXPANSION for /f "tokens=2 delims==" %%d in ('wmic logicaldisk where "drivetype=3" get name /format:value') do ( Set vvv=%%d echo !vvv! set "myvar=manage-bde -off !vvv!" !myvar! pause) endlocal` – Matija92 Oct 05 '20 at 13:08
  • @Matija92, I'm not sure why you keep on posting code irrelevant to my answer in the comment section beneath it. To be clear, I will not be modifying your code, because I do not believe it is the correct way to perform the task I understood you were trying to achieve. If you want to [edit your question](https://stackoverflow.com/posts/64156025/edit), to supply that code and provide along with it the entire task you're trying to achieve, so that I can determine if there is a better or more robust way, please feel free to do so, but it will not affect the issued closure notice. – Compo Oct 05 '20 at 14:32
  • Ok Compo, thank you anyway. I found a solution. I adapted a couple of commands to the German language because I live in Germany, but the purpose and function are the same. My script finds local disks, and then the one that is decrypted encrypts. – Matija92 Oct 06 '20 at 05:38
  • `@echo off SETLOCAL ENABLEDELAYEDEXPANSION :check for /f "tokens=2 delims==" %%d in ('wmic logicaldisk where "drivetype=3" get name /format:value') do ( set vvv=%%d set "myvar=manage-bde -status !vvv!" set "myvar2=manage-bde -off !vvv!" call !myvar! for /f "tokens=1,*" %%A in ('manage-bde -status !vvv! ^| findstr Konvertierungsstatus') do ( set vb1=%%B Rem Try to find if value is decrypted or not echo !vb1! echo !vb1!|find "verschl" >nul if errorlevel 1 ( timeout 3 ) else ( call !myvar2! timeout 5)) ) endlocal` – Matija92 Oct 06 '20 at 05:39
0
```batch
@Echo Off
:check
for /f "tokens=2 delims==" %%d in ('wmic logicaldisk where "drivetype=3" get name /format:value') do (
echo %%d
manage-bde -off %%d )
pause
```

That code works fine until echo %%d; when I try to put it into the manage-bde command, it does not work... When I have, for example, 3 hard drives, I will do a loop and turn off BitLocker for all partitions. Thanks!

Matija92
  • Matija92, how about showing a little more respect, and providing feedback, considering the time and effort I put into providing an answer, with example code for you, seventy one minutes before you posted this up! – Compo Oct 01 '20 at 18:31
  • Sorry, I had a window left open and I was just answering to expand my question, so I didn't pay attention to your answer. Unfortunately, your code didn't help me at all, but thank you for your time and try! – Matija92 Oct 01 '20 at 20:38
  • Matija92, I use that particular methodology myself, so I know it works. The code I provided will output the drive letters of all fixed drives which are bitlocker encrypted. I provided a link to the information for that class, so that you could adjust any of the `where` filters as needed, and as well as that the `get` method could be replaced to do other things too. Perhaps you just didn't try hard enough to use the information I presented in formulating something more specific for your needs. – Compo Oct 01 '20 at 22:36
  • Compo, thank you, but I will make a script where I can, for example, use your variable %EncryptedDriveLetter% in the command manage-bde -off %EncryptedDriveLetter%, and do the same for all fixed drives which are bitlocker encrypted. Thank you very much for your help! – Matija92 Oct 02 '20 at 07:41
  • I've added an additional example to my answer, to show you what I meant regarding adjusting the `get` method. The example is a single command line which should decrypt all bitlocker encrypted fixed drives (subject to the usual key restrictions etc.). – Compo Oct 02 '20 at 11:26
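
An added example (not code from the question or from either answer) of the loop-variable handling the thread keeps returning to: a value read inside a parenthesised `for` body has to be used as `%%e` or `!var!`, because `%var%` is expanded once when the whole block is parsed, and the value `wmic` returns carries a trailing carriage return that a nested `for /f` removes. `DRYRUN` is a hypothetical switch introduced here, and the `Conversion Status` label assumes English-language Windows (the asker's German system prints `Konvertierungsstatus`).

```batch
@echo off
setlocal EnableExtensions EnableDelayedExpansion
rem Added example, not code from the thread. Run from an elevated prompt.
rem DRYRUN is a hypothetical switch: 1 only prints the command, 0 runs it.
set "DRYRUN=1"

rem Outer loop: fixed disks, DriveType=3. wmic leaves a stray carriage
rem return on each value; re-parsing "%%d" in the inner loop drops it,
rem so %%e holds a clean drive letter such as C:
rem Inside the block, status is read with exclamation marks so that it is
rem expanded when each line executes, not when the block is parsed.
for /f "tokens=2 delims==" %%d in ('wmic logicaldisk where "drivetype=3" get name /format:value') do for /f "delims=" %%e in ("%%d") do (
    set "status="
    for /f "tokens=1,* delims=:" %%A in ('manage-bde -status %%e ^| findstr /c:"Conversion Status"') do set "status=%%B"

    if not defined status (
        echo %%e: no conversion status returned
    ) else if "!status:Encrypt=!"=="!status!" (
        echo %%e:!status! - nothing to do
    ) else if "%DRYRUN%"=="1" (
        echo %%e:!status! - would run: manage-bde -off %%e
    ) else (
        manage-bde -off %%e
    )
)
endlocal
```

The substring test `!status:Encrypt=!` matches "Fully Encrypted" and "Encryption in Progress" but not "Fully Decrypted", so volumes that are already decrypted are skipped.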