A VBScript to Inventory BitLocker data

The first goal that I set out to achieve was to fix the way we verify that a system is encrypted or not.  When I was first asked to follow our procedure, I couldn’t believe how badly it was being handled.  We have government auditors coming in every 3 months that we have to report to and what we were doing was … creating a list of randomly selected computers, then remote into them and get a screenshot of the computer’s BitLocker Control Panel, which we would then provide the auditor with.  There are so many things wrong with this approach that I find it a little sad the auditor accepted the process to begin with.  It was going to take scrapping the current system, working up a new one, then getting Security to buy off on my system and present it to the auditors.

For starters, I created a new database on one of my existing servers for data collection called Inventory.  This would become the central repository for all the data that I’d end up collecting over the next year and the main tool used to help me sort it all out.

For the encryption script, I was in the unfortunate position that I had to use VBScript, since it would be hosted on each system in the enterprise and we don’t have PowerShell scripts enabled on our systems.  You can see the full script here: systemconnect

Why don’t I like using VBScript anymore?

Set ObjShell = CreateObject("WScript.Shell")
' Registry provider (root\default)
Set ObjReg = GetObject("WinMgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
' General system inventory classes (root\cimv2)
Set ObjWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
' BitLocker provider namespace, connected with packet privacy
Set ObjWMI2 = GetObject("winmgmts:{impersonationLevel=impersonate,authenticationLevel=PktPrivacy}!\\.\root\CIMV2\Security\MicrosoftVolumeEncryption")

Too many objects to keep track of!  To even think about using SQL with VBScript, what would be one line in PowerShell starts off like this:

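' ADO constants are not predefined in VBScript
Const adUseClient = 3
' Needed so that Err.Number can be checked after Open instead of the script aborting
On Error Resume Next

strConn = "Provider=sqloledb;Server=CACRPDFS01;Database=Inventory;Trusted_Connection=Yes;Integrated Security=SSPI;"
Set objSQL = CreateObject("ADODB.Connection")
objSQL.CommandTimeout = 3000
objSQL.Open strConn
' Quit quietly if the Inventory database cannot be reached
If Err.Number <> 0 Then
   WScript.Quit
End If

Set objRS = CreateObject("ADODB.Recordset")
objRS.CursorLocation = adUseClient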

Wouldn’t typing “Invoke-SQLCMD” be SO much easier?  Anyways, enough griping about VBScript, enjoy the code.
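As an added illustration (not the author's script, which is only linked above), this is one way the BitLocker WMI connection and the ADO connection from the snippets fit together: read each volume's status from Win32_EncryptableVolume and write it to the Inventory database with a parameterized INSERT. The table dbo.BitlockerStatus and its column names are hypothetical.

```vbscript
Option Explicit
' Added example. dbo.BitlockerStatus and its columns are hypothetical names.
Const adVarChar = 200, adInteger = 3, adParamInput = 1, adExecuteNoRecords = 128

Dim objNet, objWMI2, objSQL, objCmd, colVols, objVol
Dim intProt, intConv, intPct, rc

Set objNet = CreateObject("WScript.Network")

' Same BitLocker namespace moniker as ObjWMI2 in the post.
Set objWMI2 = GetObject("winmgmts:{impersonationLevel=impersonate,authenticationLevel=PktPrivacy}!\\.\root\CIMV2\Security\MicrosoftVolumeEncryption")

' Same server and database as the post's connection string.
Set objSQL = CreateObject("ADODB.Connection")
objSQL.Open "Provider=sqloledb;Server=CACRPDFS01;Database=Inventory;Integrated Security=SSPI;"

' Parameterized INSERT: values are bound, never concatenated into the SQL text.
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objSQL
objCmd.CommandText = "INSERT INTO dbo.BitlockerStatus " & _
    "(ComputerName, DriveLetter, ProtectionStatus, ConversionStatus, PercentEncrypted) " & _
    "VALUES (?, ?, ?, ?, ?)"
objCmd.Parameters.Append objCmd.CreateParameter("pc", adVarChar, adParamInput, 64)
objCmd.Parameters.Append objCmd.CreateParameter("drive", adVarChar, adParamInput, 8)
objCmd.Parameters.Append objCmd.CreateParameter("prot", adInteger, adParamInput)
objCmd.Parameters.Append objCmd.CreateParameter("conv", adInteger, adParamInput)
objCmd.Parameters.Append objCmd.CreateParameter("pct", adInteger, adParamInput)

Set colVols = objWMI2.ExecQuery("SELECT * FROM Win32_EncryptableVolume")
For Each objVol In colVols
    ' Both methods return 0 on success and fill their out-parameters.
    rc = objVol.GetProtectionStatus(intProt)              ' 0 = off, 1 = on, 2 = unknown
    If rc = 0 Then rc = objVol.GetConversionStatus(intConv, intPct)  ' 1 = fully encrypted
    If rc = 0 Then
        objCmd.Parameters("pc").Value = objNet.ComputerName
        objCmd.Parameters("drive").Value = objVol.DriveLetter & ""   ' Null-safe for volumes without a letter
        objCmd.Parameters("prot").Value = intProt
        objCmd.Parameters("conv").Value = intConv
        objCmd.Parameters("pct").Value = intPct
        objCmd.Execute , , adExecuteNoRecords
    End If
Next

objSQL.Close
```

A volume counts as compliant evidence only when ProtectionStatus is 1 and ConversionStatus is 1; a fully encrypted volume with protection suspended reports ProtectionStatus 0.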
