BitLocker Values

1
votes

I'm trying to get BitLocker information from a remote host. I used to do this using PowerShell (Get-BitLockerVolume) which would provide lots of useful information. When I try using C#, I don't get as much information back. Looking on Microsoft's website and from further research, I can't find anything to help me.

Does anyone know how to get the same output as Get-BitLockerVolume in C#?

By the way, this is what I've been testing within C#:

CimSession session = CimSession.Create(computerHostName);

IEnumerable<CimInstance> GI1 = session.QueryInstances(@"root\cimv2\Security\MicrosoftVolumeEncryption", "WQL", "SELECT * FROM Win32_EncryptableVolume");

foreach(CimInstance i in GI1)
{
    Console.WriteLine("MountPoint: {0}, Protection: {1}",
        i.CimInstanceProperties["DriveLetter"].Value,
        i.CimInstanceProperties["ProtectionStatus"].Value);
}
1
c#wmibitlocker
The user account you use matters, DriverLetter is a per-user setting.Hans Passant
PowerShell modules are typically implemented in either PowerShell or a .NET assembly (easily decompiled). (Get-Command Get-BitLockerVolume).Module | Get-Module | Select Path will point you directly to the source in this case. Looking at that (Get-BitLockerVolumeInternal), you'll see it uses the same CIM class as you're using, but calls a few more methods to get some data directly as properties. You can either replicate that stuff, or go the easy way and use a PowerShell pipeline in C# to just call Get-BitLockerVolume directly.Jeroen Mostert
Thanks @JeroenMostert ! Didn't know I could track back the source like that. I was hoping to only use C# but using PowerShell as well seems simpler in this case.I.T Delinquent
@JeroenMostert When I used a runspace and run PowerShell inside to the remote host, when running Get-Process I get the information back but I don't get anything back when using Get-BitLockerVolumeI.T Delinquent

1 Answers

0
votes

As Jeroen recalls, you will be able to get that information calling methods on your WMI instances. As for the docs, Win32_EncryptableVolume only exposes the following properties:

class Win32_EncryptableVolume
{
  string DeviceID;
  string PersistentVolumeID;
  string DriveLetter;
  uint32 ProtectionStatus;
};

To easily get the information you need using WMI and method access, you can use ORMi library:

You can define for example your class like this:

public class Win32_EncryptableVolume : WMIInstance
{
  public string DeviceID {get; set;}
  public string PersistentVolumeID {get; set;}
  public string DriveLetter {get; set;}
  public int ProtectionStatus {get; set;}

  [WMIIgnore]
  public int Version {get; set;}

  public int GetVersion()
  {
     return WMIMethod.ExecuteMethod<int>(this)
  }
}

Then you could do something like:

WmiHelper _helper = new WmiHelper("root\\Cimv2"); //Define the correct scope

List<Win32_EncryptableVolume> volumes = _helper.Query<Win32_EncryptableVolume>().ToList();

foreach(Win32_EncryptableVolume v in volumes)
{
    v.Version = v.GetVersion();
}