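# PCS Toolkit - BitLocker Status
#
# Read-only report of BitLocker volume state, TPM state and domain membership.
# Every line is echoed to the console and appended to a timestamped text file,
# which is then revealed in Explorer.
#
# The report is plain text. It contains key protector types and IDs, but the
# script never reads or writes recovery passwords.

$timestamp = Get-Date -Format "yyyy-MM-dd_HH-mm-ss"

# Resolve the Desktop through the known-folder API first: with folder
# redirection (for example OneDrive backup) "$env:USERPROFILE\Desktop" may not
# exist, and every Add-Content call would then fail. Fall back to the legacy
# path, then to the temp directory.
$logDir = @(
    [Environment]::GetFolderPath('Desktop'),
    (Join-Path $env:USERPROFILE 'Desktop'),
    $env:TEMP
) | Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
    Select-Object -First 1
$logFile = Join-Path $logDir "BitLockerStatus_$timestamp.txt"

# Write a line to the console and append it to the report file.
function Log($msg) {
    Write-Host $msg
    Add-Content -LiteralPath $logFile -Value $msg
}

# Same as Log, but colour the console copy; the file copy is uncoloured.
function LogColor($msg, $color) {
    Write-Host $msg -ForegroundColor $color
    Add-Content -LiteralPath $logFile -Value $msg
}

Log "========================================"
Log " PCS Toolkit - BitLocker Status"
Log "========================================"
Log "Generated: $(Get-Date)"
Log "Computer: $env:COMPUTERNAME"
Log ""

# Check admin: the script still runs unelevated, but warns that details will be missing.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    LogColor "WARNING: Run as Administrator for full details" "Yellow"
    Log ""
}

Log "=== BITLOCKER VOLUME STATUS ==="
Log ""

try {
    $volumes = Get-BitLockerVolume -ErrorAction Stop
    foreach ($vol in $volumes) {
        Log "--- Volume: $($vol.MountPoint) ---"

        $statusColor = switch ($vol.ProtectionStatus) {
            'On'    { 'Green' }
            'Off'   { 'Red' }
            default { 'Yellow' }
        }
        LogColor "Protection Status: $($vol.ProtectionStatus)" $statusColor

        $encColor = switch ($vol.VolumeStatus) {
            'FullyEncrypted' { 'Green' }
            'FullyDecrypted' { 'Yellow' }
            default          { 'Cyan' }
        }
        LogColor "Volume Status: $($vol.VolumeStatus)" $encColor

        # An encrypted volume with protection Off is not protected at rest, so
        # call the combination out rather than leaving a green line next to a red one.
        if ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'Off') {
            LogColor "NOTE: Volume is encrypted but protection is Off (BitLocker may be suspended)." "Yellow"
        }

        Log "Encryption Method: $($vol.EncryptionMethod)"
        Log "Encryption Percentage: $($vol.EncryptionPercentage)%"
        Log "Volume Type: $($vol.VolumeType)"
        Log "Lock Status: $($vol.LockStatus)"

        if ($vol.KeyProtector) {
            Log ""
            Log "Key Protectors:"
            foreach ($kp in $vol.KeyProtector) {
                # Only the protector type and ID are reported. The recovery
                # password is deliberately left out of this plain-text file.
                Log " - Type: $($kp.KeyProtectorType)"
                if ($kp.KeyProtectorId) {
                    Log " ID: $($kp.KeyProtectorId)"
                }
            }
        }
        Log ""
    }
} catch {
    LogColor "ERROR: $($_.Exception.Message)" "Red"
    Log ""
    if (-not $isAdmin) {
        # Without this hint, an access failure reads as "BitLocker is not installed".
        Log "This session is not elevated; BitLocker volume queries normally need Administrator rights."
    }
    Log "BitLocker may not be available on this system."
    Log "Requirements:"
    Log " - Windows Pro/Enterprise/Education"
    Log " - TPM 1.2 or higher (or USB key)"
    Log " - UEFI/Secure Boot recommended"
}

Log "=== TPM STATUS ==="
Log ""

try {
    $tpm = Get-Tpm -ErrorAction Stop
    $tpmColor = if ($tpm.TpmPresent -and $tpm.TpmReady) { 'Green' } else { 'Yellow' }
    LogColor "TPM Present: $($tpm.TpmPresent)" $tpmColor
    LogColor "TPM Ready: $($tpm.TpmReady)" $tpmColor
    Log "TPM Enabled: $($tpm.TpmEnabled)"
    Log "TPM Activated: $($tpm.TpmActivated)"
    Log "TPM Owned: $($tpm.TpmOwned)"
    Log "Manufacturer ID: $($tpm.ManufacturerId)"
    Log "Manufacturer Version: $($tpm.ManufacturerVersion)"
} catch {
    LogColor "Could not get TPM status: $_" "Yellow"
}

Log ""
Log "=== RECOVERY KEY BACKUP STATUS ==="
Log ""
Log "Check Azure AD/Entra ID or Active Directory for recovery key backup."
Log "Recovery keys should be stored securely off-device."
Log ""

# Domain membership only indicates where a recovery key backup might be stored;
# this script does not verify that a backup exists.
# Get-CimInstance replaces Get-WmiObject, which is not available in PowerShell 7.
try {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem -ErrorAction Stop
    if ($cs.PartOfDomain) {
        Log "Computer is domain-joined: $($cs.Domain)"
        Log "Recovery keys may be backed up to Active Directory."
    } else {
        Log "Computer is not domain-joined."
        Log "Recovery keys may be backed up to Microsoft Account or Azure AD."
    }
} catch {
    LogColor "Could not determine domain membership: $_" "Yellow"
}

Log ""
Log "========================================"
Log "SCAN COMPLETE"
Log "========================================"

# Reveal the report in Explorer and keep the console window open.
explorer.exe "/select,$logFile"
Read-Host "Press Enter to exit"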