How to tell if drive is BitLocker encrypted without admin privilege?
CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 5 of 5

Thread: How to tell if drive is BitLocker encrypted without admin privilege?

  1. #1
    Join Date
    Nov 2003
    Location
    Portland, OR
    Posts
    831

    How to tell if drive is BitLocker encrypted without admin privilege?

    For my purpose all I need to know is drive's BitLocker encryption status by its DOS path. Something like this:

    Code:
    enum DriveEncryptionStatus{
        Unprotected,
        Protected,
        Unknown
    };
    
    DriveEncryptionStatus = GetDriveBitlockerEncryptionStatus(L"C:\\");
    I was able to find the Win32_EncryptableVolume class that unfortunately comes with this caveat:

    To use the Win32_EncryptableVolume methods, the following conditions must be met:
    You must have administrator privileges.
    Any idea how to do this without running as an administrator?

  2. #2
    Join Date
    Apr 2000
    Location
    Belgium (Europe)
    Posts
    4,061

    Re: How to tell if drive is BitLocker encrypted without admin privilege?

    GetFileAttributes() and FILE_ATTRIBUTE_ENCRYPTED ?

    that prob won't be exclusive to bitlocker though.

  3. #3
    Join Date
    Nov 2003
    Location
    Portland, OR
    Posts
    831

    Re: How to tell if drive is BitLocker encrypted without admin privilege?

    Thanks. No, it's not that simple. FILE_ATTRIBUTE_ENCRYPTED is set for NTFS encryption, which is not the same as the BitLocker encryption. The latter one is a full drive encryption.

  4. #4
    Join Date
    Dec 2012
    Location
    England
    Posts
    2,741

    Re: How to tell if drive is BitLocker encrypted without admin privilege?

    See http://msdn.microsoft.com/en-us/libr...=vs.85%29.aspx

    In the example at the bottom of this page, there is a function BOOL wmi_checkVolumeBitlocker() which seems to enumerate the drives and state the level of encryption for each. Have you looked at this to see if it will provide what you want without requiring being an administrator.

    If this is not suitable, one way of doing it would be to have a server/client setup with the server bit running as an administrator as a service that would return the info when queried then having the client part (as a user) to query the service to obtain the info required.
    All advice is offered in good faith only. You are ultimately responsible for effects of your programs and the integrity of the machines they run on.

  5. #5
    Join Date
    Nov 2003
    Location
    Portland, OR
    Posts
    831

    Re: How to tell if drive is BitLocker encrypted without admin privilege?

    Yes. The following method:
    Code:
    IWbemLocator::ConnectServer(L"ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption");
    returns 0x80041003, which is WBEM_E_ACCESS_DENIED.

    On the sidenote, I can't believe Microsoft do not moderate their own MSDN pages. That code sample you referred to is very buggy -- especially the clean-up part. So don't use it.

    As for your second solution, yes, I understand that if I had a local service running on the system I can accomplish what I want. Well, that is not the case in my situation.

    I actually found another solution, which is hinted here, that uses DetectEncryptedVolume API. Unfortunately that API, along with the CreateFileRestoreContext seem to be proprietary APIs that one needs a license to use. (I couldn't even link to them to try it out. LoadLibrary returned NULL for a 32-bit process running as WOW64.)
    Last edited by dc_2000; May 27th, 2014 at 06:38 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Windows Mobile Development Center


Click Here to Expand Forum to Full Width

This is a CodeGuru survey question.


Featured


HTML5 Development Center