BitLocker Management for Windows 10 and 11

Description

This Compliance Pack helps you manage and report on BitLocker status and, when assigned, enable BitLocker encryption on supported Windows 10 and Windows 11 devices. The Custom Fields report recovery key and encryption status. The enforcement Fileset can take action, so test it on a small group before wider deployment.

Ingredients

  • FileWave Central

  • Windows OS systems running a version of Windows that is licensed for BitLocker

  • BitLocker Fileset

    • Activation: Associate the Fileset with Windows clients to enable BitLocker.

    • Deactivation: Remove the association to disable BitLocker.

    • Customization: The script within the Fileset includes specific options that can be customized by administrators based on organizational needs.

  • Custom Fields

    • BitLocker Key: Displays the recovery keys for encrypted drives. For example, "C:, 219296-176121-018458-479017-019437-305833-463155-542608". After importing the Custom Field, choose to assign it to specific devices or all devices.

    • BitLocker Status: Presents the current encryption state, such as "Conversion Status: Used Space Only Encrypted".

BitLocker Compliance Pack

Directions

Download

  1. Download the BitLocker Compliance Pack.

    • Unzip the zip file and you will find a Fileset as well as a Custom Fields file.

BitLocker Custom Fields

The Custom Fields report BitLocker information only. They do not encrypt the devices or change BitLocker settings. Use the steps below to import and assign them.

  1. In FileWave Central go to Assistants -> Custom Fields -> Edit Custom Field Definitions.
  2. Click "Import" and pick the .customfields file from the zip you downloaded.
  3. For both BitLocker Key and BitLocker Status, select the Custom Field and check "Assigned to all devices" if you want to capture the status for all devices. To scope reporting to specific devices, select those devices in the Clients view, right-click, and choose Edit Custom Field Associations.
  4. Add the two new fields to the Clients view or to any Reports (formerly Queries). Run a Model Update, then wait for devices to report inventory before expecting data to appear.

Bitlocker Enforcement Fileset

This Fileset will take action on devices when assigned. Test it first and confirm the encryption behavior before applying it broadly. When you associate it with a capable Windows device, that device encrypts, and the Custom Fields you added will report the result after inventory runs. Reporting is not immediate because FileWave needs a new inventory check-in; use Verify during testing if you want the device to report sooner.

  1. Drag and drop the Bitlocker Enforcement.fileset into your Filesets area in FileWave Central.
  2. Move it to wherever you would like it in the Filesets area.
  3. Create an Association or a Deployment to assign it to a device.
  4. Watch the device encrypt by checking the drive properties in Windows Explorer or by running manage-bde.exe on that computer. The Custom Fields do not update in real time, so checking locally is the clearest test signal.

  5. Notice what happens if you break the Association. The device will decrypt.

To inspect how the pack works, select the Fileset and open Scripts from the toolbar. The Fileset includes one script to encrypt and one to decrypt. If encryption fails, check the Fileset log directory under C:\ProgramData\FileWave\log\fwcld\. Each Fileset has its own ID-numbered directory. Also confirm that the Windows edition supports BitLocker; FileWave can only enable BitLocker when the operating system includes that capability. The encryption script includes options you can adjust if your organization needs different BitLocker settings.
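A local check for step 4 and the troubleshooting notes above, as an added PowerShell example that is not part of the Compliance Pack or FileWave's scripts. The function name Get-BitLockerPilotStatus is hypothetical; it assumes an elevated PowerShell session on the test device and the log path given above.

```powershell
#Requires -RunAsAdministrator
# Added example: local BitLocker check for a pilot device.
# Not the Fileset's own script; the function name is hypothetical.

function Get-BitLockerPilotStatus {
    # Record the edition: BitLocker can only be enabled when the OS includes it.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        Write-Warning "BitLocker cmdlets not found on '$($os.Caption)'."
        return
    }
    foreach ($vol in Get-BitLockerVolume) {
        # Collect protector type names only (Tpm, RecoveryPassword, ...).
        $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        [pscustomobject]@{
            Edition             = $os.Caption
            MountPoint          = $vol.MountPoint
            VolumeStatus        = $vol.VolumeStatus        # e.g. EncryptionInProgress
            EncryptionPercent   = $vol.EncryptionPercentage
            ProtectionStatus    = $vol.ProtectionStatus    # On / Off
            Protectors          = ($types -join ', ')
            # Report presence only; the recovery password itself is never echoed.
            HasRecoveryPassword = $types -contains 'RecoveryPassword'
        }
    }
}

Get-BitLockerPilotStatus | Format-Table -AutoSize

# Fileset logs: each Fileset has an ID-numbered directory under this path.
$logRoot = 'C:\ProgramData\FileWave\log\fwcld'
if (Test-Path -LiteralPath $logRoot) {
    Get-ChildItem -LiteralPath $logRoot -Directory |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 5 Name, LastWriteTime |
        Format-Table -AutoSize
}
```

Run it before associating the Fileset, during encryption, and after breaking the Association to compare the three states on the same device.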

Next Steps

We will look to include instructions on setup of a Dashboard in Grafana and to simplify the setup instructions even more.