出于我的目的,我需要知道的是它的DOS路径驱动器的BitLocker加密状态。像这样:
enum DriveEncryptionStatus{
Unprotected,
Protected,
Unknown
};
DriveEncryptionStatus = GetDriveBitlockerEncryptionStatus(L"C:\\");
我能够找到Win32_EncryptableVolume课,不幸的是这个警告:
要使用Win32_EncryptableVolume方法,请满足以下条件 必须满足:您必须具有管理员权限。
不知道如何在不以管理员身份运行的情况下如何做到这一点?
答案 0 :(得分:2)
BitLocker状态可供shell中的任何普通用户使用。 Windows使用Win32 API中的Windows Property System获取状态,以检查未记录的shell属性System.Volume.BitLockerProtection。您的程序也可以在没有提升的情况下检查此属性。
如果此属性的值为1,3或5,则在驱动器上启用BitLocker。任何其他值都被视为关闭。
您可以使用Win32 API检查此shell属性。出于礼貌,我已从my other answer to a similar question.
移植了我的托管实现#include <shlobj.h>
#pragma comment(lib, "shell32.lib")
#pragma comment(lib, "propsys.lib")
DriveEncryptionStatus getDriveEncryptionStatus(LPCWSTR parsingName)
{
IShellItem2 *drive = NULL;
HRESULT hr = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE);
hr = SHCreateItemFromParsingName(parsingName, NULL, IID_PPV_ARGS(&drive));
if (SUCCEEDED(hr)) {
PROPERTYKEY pKey;
hr = PSGetPropertyKeyFromName(L"System.Volume.BitLockerProtection", &pKey);
if (SUCCEEDED(hr)) {
PROPVARIANT prop;
PropVariantInit(&prop);
hr = drive->GetProperty(pKey, &prop);
if (SUCCEEDED(hr)) {
int status = prop.intVal;
drive->Release();
if (status == 1 || status == 3 || status == 5)
return DriveEncryptionStatus::Protected;
else
return DriveEncryptionStatus::Unprotected;
}
}
}
if (drive)
drive->Release();
return DriveEncryptionStatus::Unknown;
}
int main()
{
DriveEncryptionStatus status = getDriveEncryptionStatus(L"C:");
return 0;
}
答案 1 :(得分:0)
基于this answer ...
在Windows 10 1909(10.0.18363.1082)上根据经验确定的System.Volume.BitLockerProtection的值:
| System.Volume. | Control Panel | manage-bde conversion | manage-bde | Get-BitlockerVolume | Get-BitlockerVolume |
| BitLockerProtection | | | protection | VolumeStatus | ProtectionStatus |
| ------------------- | -------------------------------- | ------------------------- | -------------- | ---------------------------- | ------------------- |
| 1 | BitLocker on | Used Space Only Encrypted | Protection On | FullyEncrypted | On |
| 1 | BitLocker on | Fully Encrypted | Protection On | FullyEncrypted | On |
| 1 | BitLocker on | Fully Encrypted | Protection On | FullyEncryptedWipeInProgress | On |
| 2 | BitLocker off | Fully Decrypted | Protection Off | FullyDecrypted | Off |
| 3 | BitLocker Encrypting | Encryption In Progress | Protection Off | EncryptionInProgress | Off |
| 3 | BitLocker Encryption Paused | Encryption Paused | Protection Off | EncryptionSuspended | Off |
| 4 | BitLocker Decrypting | Decryption in progress | Protection Off | DecyptionInProgress | Off |
| 4 | BitLocker Decryption Paused | Decryption Paused | Protection Off | DecryptionSuspended | Off |
| 5 | BitLocker suspended | Used Space Only Encrypted | Protection Off | FullyEncrypted | Off |
| 5 | BitLocker suspended | Fully Encrypted | Protection Off | FullyEncrypted | Off |
| 6 | BitLocker on (Locked) | Unknown | Unknown | $null | Unknown |
| 7 | | | | | |
| 8 | BitLocker waiting for activation | Used Space Only Encrypted | Protection Off | FullyEncrypted | Off |
答案 2 :(得分:-1)
在 CMD 和 Powershell 中也很容易做到 在 CMD shell 中,您可以使用此单行代码要求 Powershell 将该值作为退出代码返回:
powershell -command exit 1000 + (New-Object -ComObject Shell.Application).NameSpace('C:').Self.ExtendedProperty('System.Volume.BitLockerProtection')
并检查 CMD shell 中返回的 %ERRORLEVEL%