Hi Folks,
Today we will check, Bitlocker Encryption Method on clients. As you know there is 2 different type of encryption method ;
* Used Disk Space Only
* Fully Encryption
BitLocker in earlier Windows versions could take a long time to encrypt a drive, because it encrypted every byte on the volume (including parts that did not have data). That is still the most secure way to encrypt a drive, especially if a drive has previously contained confidential data that has since been moved or deleted. In that case, traces of the confidential data could remain on portions of the drive marked as unused. But why encrypt a new drive when you can simply encrypt the data as it is being written? To reduce encryption time, BitLocker in Windows 10 lets users choose to encrypt just their data. Depending on the amount of data on the drive, this option can reduce encryption time by more than 99 percent. Exercise caution when encrypting only used space on an existing volume on which confidential data may have already been stored in an unencrypted state, however, because those sectors can be recovered through disk-recovery tools until they are overwritten by new encrypted data. In contrast, encrypting only used space on a brand-new volume can significantly decrease deployment time without the security risk because all new data will be encrypted as it is written to the disk.
First, We can use below cmdlet to see , status of Bitlocker's details.
manage-bde -status
Secondly, we also use below powershell cmdlets , we assume encryted volume is C: Label. If you do not use any label, this cmdlet gets all volumes for the current computer.
Get-BitLockerVolume C:
So which one is right ? both screen shot belongs to same computer and it confuse us. The answer is second cmdlet which is Get-BitlockerVolume because it gets information about volumes that BitLocker Drive Encryption can protect.
If we want to check some collection about the bitlocker volume status , we can use below cmdlets to get report on sccm Run Script features.
$Enc = (Get-BitLockerVolume C:).VolumeStatus
write-host $Enc
After Run Scripts, you get below report on the same windows
