0

I am trying to determine if a particular hard disk drive supports hardware-based full disk encryption. I know I can use the model number and check the manufacturer's website, but that is only feasible if I were doing this for a handful of computers. I have a fleet of about 1000 computers that I want to check for this.

Is there some utility or script that I can run on a remote computer that will query a hard disk drive and find out whether it supports hardware-based full disk encryption? What are some effective hard disk interrogation tactics?

I spent some time searching for a way to do this, but I ended up in a dark alley hearing whispers of IOCTL_ATA_PASS_THROUGH and got scared away.

The vast majority of computers I would like to check are running Windows (XP, Vista, and 7), but I do have several Mac OS X computers that I would like to check, too.

William Jackson
  • After reading [the blog](http://blog.superuser.com/2011/12/12/some-updates-to-the-faq/) I realized this may be more appropriate on Server Fault. – William Jackson Dec 12 '11 at 14:39
  • You might have some luck using [hdparm](http://en.wikipedia.org/wiki/Hdparm) and a batch file. –  Dec 12 '11 at 14:50
  • Note that the drive itself isn't the only requirement. You also need a UEFI environment (or some equivalent preboot environment). – Jim B Dec 12 '11 at 19:35

3 Answers

2

I would start with gathering an inventory of the hardware you have; it's probably not that many hard drive models in the end. For instance, you can use smartctl from smartmontools (they have a Windows version) and some simple scripting to run `smartctl -a sda > logFile` on each machine and send you the report. The first few lines of the log file will contain the drive model.

When it comes to the interrogation techniques, take a look here.

Skyhawk
pQd
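One way to reduce the collected `smartctl -a` reports to a short list of distinct drive models to check against the manufacturers' specifications, as an added example that is not part of the original answer. The function names, host names and sample reports are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Labels smartctl uses for the drive identity, by transport:
# ATA/SATA "Device Model", NVMe "Model Number", SCSI/SAS "Product".
MODEL_KEYS = ("Device Model", "Model Number", "Product")
FIRMWARE_KEYS = ("Firmware Version", "Revision")
FIELD = re.compile(r"^([A-Za-z ]+?):\s+(.*\S)\s*$")

def parse_report(text):
    """Return (model, firmware) from one smartctl -a report, or None when the
    report carries no model line (for example, smartctl could not open the disk)."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields.setdefault(m.group(1), m.group(2))
    model = next((fields[k] for k in MODEL_KEYS if k in fields), None)
    if model is None:
        return None
    return model, next((fields[k] for k in FIRMWARE_KEYS if k in fields), "unknown")

def inventory(reports):
    """Map {host: report text} to ({(model, firmware): [hosts]}, [unparsed hosts])."""
    by_model, unparsed = defaultdict(list), []
    for host in sorted(reports):
        ident = parse_report(reports[host])
        if ident is None:
            unparsed.append(host)  # follow up by hand; do not assume a model
        else:
            by_model[ident].append(host)
    return dict(by_model), unparsed

# Constructed sample reports; host names, models and firmware strings are made up.
ATA = """=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE HD500-A
Serial Number:    X0000001
Firmware Version: 1.02
"""
SAMPLE = {
    "pc-001": ATA,
    "pc-002": ATA.replace("X0000001", "X0000002"),
    "pc-003": "Vendor:               EXAMPLE\nProduct:              SAS300-B\nRevision:             A1\n",
    "pc-004": "Smartctl open device: /dev/sda failed: Permission denied\n",
}

if __name__ == "__main__":
    models, unparsed = inventory(SAMPLE)
    for (model, fw), hosts in sorted(models.items()):
        print(f"{model:20} fw {fw:8} {len(hosts)} host(s): {', '.join(hosts)}")
    print("no model found:", ", ".join(unparsed))
```

Grouping by firmware as well as model keeps drives of the same model on different firmware revisions in separate rows.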
2

I would use OCS Inventory NG to collect information on all of your hardware, including hard drive and system/motherboard model numbers. I would then run a very simple SQL query against the OCS configuration database (which is implemented comprehensibly using MySQL) to identify the different combinations of system and HDD that you have in place.

Skyhawk
2

You can run `gwmi win32_diskdrive | foreach {$_.model}` to retrieve drive models. This can easily be expanded to run across the enterprise. More important than the drive is going to be whether the BIOS and/or controller firmware support the drive. While you can install a hardware encrypted drive in any system, not every system will turn on the encryption.

Ward - Trying Codidact
Jim B