I am trying to determine the accuracy of reporting from two seemingly different sources (using PowerShell on Windows devices):

Method 1

manage-bde.exe -computername $hostname -status

Returns something like 100% encrypted and partition size.

Method 2
# Query the BitLocker WMI provider for the C: volume and read its ProtectionStatus
if ($encryption_check_all = Get-WmiObject -ComputerName $hostname -Namespace "root/CIMV2/Security/MicrosoftVolumeEncryption" -Query "SELECT * FROM Win32_EncryptableVolume WHERE DriveLetter='C:'" | Select-Object *) {
    $encryption_check = $encryption_check_all.ProtectionStatus
    # 1 = protection on, 0 = protection off
    if ($encryption_check -eq "1") { $encryption_status = "Encrypted"; $encryption_value = 200 }
    elseif ($encryption_check -eq "0") { $encryption_status = "No Encryption Found"; $encryption_value = 200 }
    else { }
}
Returns a value of "1" or "0". 0 meaning partition not encrypted, partially encrypted, or keys in plain text. BOTH snippets "work" as far as the code goes, BUT they return conflicting results. Does anyone have experience or validation for either method? I'm having a device return with method 1 as a "0" but bde.exe says it is 100% encrypted. Does this for sure mean that keys are present in plain text, or are there other nuances I'm unaware of? Any clarity is greatly appreciated.

Also, is anyone aware of the data source for bde.exe? Is this just an exe to regurgitate AD BitLocker key recovery? I believe the WMI namespace call actually checks on the device, on the partition; more accurate? THANKS!
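The two methods are reading different fields of the same BitLocker state. manage-bde's "Percentage Encrypted" / "Conversion Status" lines report how much of the volume has been converted, while the WMI ProtectionStatus property (and manage-bde's own "Protection Status" line) reports whether the key protectors are enabled. A volume whose protectors have been suspended is still 100% encrypted but has ProtectionStatus 0, and in that state the volume master key is stored on disk under a clear key. The script below is an added example, not code from the original post: it reads both the conversion state and the protection state from one Win32_EncryptableVolume instance, lists the configured key protector types, and parses the matching lines from manage-bde so the two sources can be compared field by field. It assumes Windows PowerShell 5.1 with WMI (DCOM) access to the target, that manage-bde.exe is on the PATH, and that $hostname is set by the caller.

```powershell
# Added example (not from the original post). Reads conversion and protection state
# from the BitLocker WMI provider and compares them with manage-bde output.

function Get-BitLockerState {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string]$DriveLetter = 'C:'
    )

    $vol = Get-WmiObject -ComputerName $ComputerName `
        -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$DriveLetter'"
    if (-not $vol) { throw "No Win32_EncryptableVolume for $DriveLetter on $ComputerName" }

    # GetConversionStatus: 0 fully decrypted, 1 fully encrypted, 2 encryption in
    # progress, 3 decryption in progress, 4 encryption paused, 5 decryption paused.
    $conv = $vol.GetConversionStatus()
    # GetProtectionStatus: 0 protection off, 1 protection on, 2 unknown.
    $prot = $vol.GetProtectionStatus()
    # Key protectors configured on the volume (argument 0 = all protector types).
    # Type codes: 1 TPM, 2 external key, 3 numerical password (recovery password),
    # 4 TPM+PIN, 5 TPM+startup key, 6 TPM+PIN+startup key, 8 passphrase.
    $ids = $vol.GetKeyProtectors(0).VolumeKeyProtectorID
    $types = @()
    foreach ($id in $ids) { $types += $vol.GetKeyProtectorType($id).KeyProtectorType }

    # Protection off on a fully encrypted volume means the protectors are
    # suspended and the volume master key is stored under a clear key.
    if ($conv.ConversionStatus -eq 0) {
        $verdict = 'Not encrypted'
    } elseif ($conv.ConversionStatus -ne 1) {
        $verdict = 'Encryption or decryption in progress or paused'
    } elseif ($prot.ProtectionStatus -eq 1) {
        $verdict = 'Fully encrypted, protectors enabled'
    } elseif ($prot.ProtectionStatus -eq 0) {
        $verdict = 'Fully encrypted, protectors suspended (clear key present)'
    } else {
        $verdict = 'Fully encrypted, protection state unknown'
    }

    [pscustomobject]@{
        ComputerName         = $ComputerName
        DriveLetter          = $DriveLetter
        ConversionStatus     = $conv.ConversionStatus
        EncryptionPercentage = $conv.EncryptionPercentage
        ProtectionStatus     = $prot.ProtectionStatus
        KeyProtectorTypes    = $types
        Verdict              = $verdict
    }
}

function Get-ManageBdeState {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string]$DriveLetter = 'C:'
    )
    # Pull the three lines that correspond to the WMI fields above.
    $out = & manage-bde.exe -computername $ComputerName -status $DriveLetter 2>&1
    $state = @{}
    foreach ($line in $out) {
        if ("$line" -match '^\s*(Conversion Status|Percentage Encrypted|Protection Status):\s*(.+?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    $state
}

# Compare both sources for one host. "Percentage Encrypted: 100.0%" together with
# "Protection Status: Protection Off" from manage-bde is the same condition as
# ConversionStatus = 1 and ProtectionStatus = 0 from WMI.
$wmi = Get-BitLockerState -ComputerName $hostname
$bde = Get-ManageBdeState -ComputerName $hostname
$wmi | Format-List
$bde.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize
```

When ConversionStatus is 1 and ProtectionStatus is 0, the volume data is encrypted but the volume master key is recoverable from the disk without any protector, so for compliance reporting it should be treated as unprotected until protectors are re-enabled (manage-bde -protectors -enable). The 0/1 check in Method 2 is therefore correct as a protection check; it is just not a measure of how much of the volume is encrypted.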