
Using hard drive encryption endpoint checks with BitLocker

boi
Nimbostratus

I'm looking to see if I can get some advice on implementing Client Side Endpoint Checks that will check to see if the machine requesting VPN access has their hard drives encrypted with BitLocker.

Our organization would like to up our security posture by implementing hard drive checks on all machines that log on to the VPN. When testing this, I got about a 50% success rate, but I'm not sure why some machines are getting through but others aren't. (We have a policy that all computers must be BitLockered.)

Our current rule looks like this:

[Image: 0691T000009jxutQAA.png]

and we get error messages in our logs that look like this:

Session variable 'session.check_software.last.hd.item_1.errors' set to '-32 - Access denied - Invoke(MID_HDENCRYPTION_GETENCRYPTIONSTATE, &locationProp, &stateProp) -32 - Access denied - Invoke(MID_HDENCRYPTION_GETENCRYPTIONSTATE, &locationProp, &stateProp) '

I haven't found a lot of information that is helpful and that is why I'm asking this question here. I will try and answer any questions that you have as quickly as I can. Does anyone have any hints or suggestions?