Can the inventory agent pick up whether BitLocker or Apple FileVault is enabled, so we can report on what is encrypted?
I think that's more than a license tool can do. If you are using a deployment tool, you can run a command-line script or a PowerShell script to recognize the state of BitLocker. That's the way we do this.
For Batch: manage-bde c: -status
The return code gives you the answer:
"0" => BitLocker is active, partition c: is encrypted
"1" => BitLocker is active, partition c: is not encrypted
"-1" => BitLocker is not active, partition c: is not encrypted
This will give you information that can be evaluated.
I think not out-of-the-box. The only indication is a running BitLocker service, but this is not a sure statement.
This answer will be specific to Apple FileVault.
When scanning Apple OS X systems running FileVault, depending on the Snow agent/client version, the hard drive space will read 0. The reason is that the Snow agent/client is scanning using a system user account with minimal permissions to scan, while the user login would be the one to decrypt the HD for use during that session. This leads to the user being able to see all their hard drive information while the Snow agent/client won't. Note that our agent/client permissions in conjunction with Apple's encryption will not prevent us from reading the hard drive to scan for software.
As far as running reports, this will have to be a custom report presumably based off of the All Computers report since it would be looking at the disk space values.
As Kai indicated, it is not something that is "out-of-the-box" and is actually quite tricky to get, because our agent typically exists in the encrypted environment, and tools like BitLocker and FileVault actually obfuscate their processes so that a hacker will not know what is going on.
As Arron pointed out, you can do some fancy stuff that will IMPLY that this is running, but if you want to know for sure, then you will need to set up a script to get that information. That being said, contact your customer rep as we do have the boilerplate for BitLocker status. (It takes both an agent update and an SQL update.) I am not so optimistic about FileVault.
If you have any additional questions, I will be monitoring this thread,
Snow Support Manager – North America
It does not seem too fancy to me, as Snow Inventory already shows the current encryption status here:
As there is no easy way to forward such information from SI to SLM, I am missing this information in SLM. I will create a feature request to create such a mechanism to take over single fields from SI to SLM more easily.
In our company, Infrastructure refuses to use data from SLM as they miss hardware information (like encryption).
I don't know what kind of encryption that is (probably the HDD ATA self-encrypt function), but in my tests Inventory showed an "encryption" in this place for a drive that definitely was not BitLocker encrypted. I would not trust that.
Yes this seems like the best way if Snow doesn't do it out of the box.
How can we send this information to a Snow cloud instance? So it's recorded in the DB?
The easiest way I suggest is to drop the output of your script into the registry and tweak the client config to read your section as part of the scan; then you can query it centrally. I do a lot of out-of-the-box activities and 'feed' them into the Snow scan.
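One way to do what the posts above describe (script the BitLocker check, write the result to the registry for the scan to read), as an added example that is not part of the original thread and not Snow's code. The registry path `HKLM:\SOFTWARE\ExampleCorp\DiskEncryption`, the value names and the summary labels are assumptions; the script must run elevated.

```powershell
# Added example, not Snow's code. Run elevated (for instance as SYSTEM from a deployment tool).
# ASSUMPTION: placeholder registry path; use the section your client config is set to read.
$RegRoot = 'HKLM:\SOFTWARE\ExampleCorp\DiskEncryption'

function Get-EncryptionSummary {
    param([string] $VolumeStatus, [string] $ProtectionStatus)
    # Report "Encrypted" only when the data is fully encrypted AND protection is on;
    # a fully encrypted volume with protection suspended keeps its key in the clear.
    if ($VolumeStatus -eq 'FullyEncrypted' -and $ProtectionStatus -eq 'On') { return 'Encrypted' }
    if ($VolumeStatus -eq 'FullyEncrypted') { return 'EncryptedProtectionOff' }
    if ($VolumeStatus -eq 'FullyDecrypted') { return 'NotEncrypted' }
    return 'InProgress'   # encryption or decryption running or paused
}

function Set-InventoryValue {
    param([string] $Key, [string] $Name, [string] $Value)
    # Create the key only if missing so existing values under it are left alone.
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -Value $Value -PropertyType String -Force | Out-Null
}

$stamp = (Get-Date).ToUniversalTime().ToString('o')
try {
    $volumes = Get-BitLockerVolume -ErrorAction Stop |
        Where-Object { $_.MountPoint -match '^[A-Za-z]:$' }   # lettered volumes only
} catch {
    # Cmdlet missing or not elevated: record "Unknown" instead of implying "not encrypted".
    Set-InventoryValue -Key $RegRoot -Name 'ScanResult'  -Value 'Unknown'
    Set-InventoryValue -Key $RegRoot -Name 'ScanError'   -Value $_.Exception.Message
    Set-InventoryValue -Key $RegRoot -Name 'LastChecked' -Value $stamp
    exit 1
}

foreach ($v in $volumes) {
    # One subkey per drive letter, e.g. ...\DiskEncryption\C
    $key = Join-Path $RegRoot $v.MountPoint.TrimEnd(':')
    $summary = Get-EncryptionSummary $v.VolumeStatus $v.ProtectionStatus
    Set-InventoryValue -Key $key -Name 'Summary'          -Value $summary
    Set-InventoryValue -Key $key -Name 'VolumeType'       -Value $v.VolumeType
    Set-InventoryValue -Key $key -Name 'VolumeStatus'     -Value $v.VolumeStatus
    Set-InventoryValue -Key $key -Name 'ProtectionStatus' -Value $v.ProtectionStatus
    Set-InventoryValue -Key $key -Name 'EncryptionMethod' -Value $v.EncryptionMethod
    Set-InventoryValue -Key $key -Name 'EncryptedPercent' -Value $v.EncryptionPercentage
}
Set-InventoryValue -Key $RegRoot -Name 'ScanResult'  -Value 'OK'
Set-InventoryValue -Key $RegRoot -Name 'LastChecked' -Value $stamp
```

The `LastChecked` timestamp lets a central report tell a stale value from a current one when the script has stopped running on a machine.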
But what about encryption on Linux systems? Does Snow recognize this information?
lsblk |grep sda
sda                8:0    0 111,8G  0 disk
├─sda1             8:1    0   731M  0 part  /boot
├─sda2             8:2    0     1K  0 part
└─sda5             8:5    0 111,1G  0 part
  └─sda5_crypt   253:0    0 111,1G  0 crypt