Auditing BitLocker Deployments

Applies To: Windows 7, Windows Server 2008 R2

Being able to report on the successful deployment of BitLocker on drives in your organization is important for assessing the amount of organizational compliance and assessing the amount of data at risk.

You can obtain information the status of BitLocker on a drive by using the BitLocker Windows Management Instrumentation (WMI) provider Win32_EncryptableVolume and querying the value of the ProtectionStatus property. ProtectionStatus reports the BitLocker status of the drive at the time it was instantiated. It will return either protection on, protection off, or protection unknown. You can also query for the real-time status of a drive using the GetProtectionStatus method and you can find out conversion status using the GetConversionStatus method. For more information about the BitLocker WMI providers available, see BitLocker Drive Encryption Provider (https://go.microsoft.com/fwlink/?LinkId=157597) on the MSDN Web site.