PENDING SCCM Bitlocker Query Collection

[David Wilkinson]

Hi there,

I want to find out all devices on my network that dont have BITLOCKER enabled on them, is there a query that i can run that will create a collection and allow me to see what devices i need to target?

 

[Edy]

if you installed the MBAM integration with SCCM, the collection will be created automatically. here is the WQL query to find the MBAM supported computers.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId  inner join SMS_G_System_OPERATING_SYSTEM_EXT on SMS_G_System_OPERATING_SYSTEM_EXT.ResourceID = SMS_R_System.ResourceId  inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId  left outer join SMS_G_System_TPM on SMS_G_System_TPM.ResourceID = SMS_R_System.ResourceId where ((SMS_G_System_OPERATING_SYSTEM.Version like "10.0.%" or SMS_G_System_OPERATING_SYSTEM.Version like "6.1.%" and SMS_G_System_OPERATING_SYSTEM_EXT.SKU in (1,4,27,28,70,71) and SMS_G_System_TPM.SpecVersion >= "1.2") or NOT (SMS_G_System_OPERATING_SYSTEM.Version like "6.1.%" or SMS_G_System_OPERATING_SYSTEM.Version like "6.0.%" or SMS_G_System_OPERATING_SYSTEM.Version like "5.%")) and SMS_G_System_COMPUTER_SYSTEM.DomainRole = 1 and (SMS_G_System_COMPUTER_SYSTEM.Model not in ("Virtual Machine", "VMware Virtual Platform", "VirtualBox") and SMS_G_System_COMPUTER_SYSTEM.Manufacturer not in ("Xen"))

Also, the integration will create Configuration items and baselines.

if the computers are not supported then you wont be able to enable Bitlocker.