4 Replies Latest reply on May 27, 2009 3:59 PM by mrgui

    Verifying encryption state of remote machines

      My company regularly checks for deltas in our laptop environment to see what is encrypted and what might have been missed (or what might have been rebuilt by a "power user" who neglected to load EECP). There are a couple of ways to accomplish this:

      • SBADMCL GetLastCheckinDate; check that the last checkin is recent and the status is "installed"
      • Inventory scan (using a third-party tool) which checks for the presence of the SafeBoot program files and registry entry running the client manager

      I would like to come up with a third option for those machines that are - for any number of reasons - difficult to confirm are encrypted (for example, Deleted Machines that were not named properly to begin with and which wouldn't show up in a GetLastCheckinDate report and therefore cannot confirm the crypt state of). Some of the things I'd thought of:

      • Use SBADMCL and AutoIt to compile a script that could write a TXT file or registry entry confirming the crypt state, which could then be read by the Inventory Scanner
      • Use SBADMCL and AutoIt to somehow remotely query the crypt state of a machine

      The second option is the one I'm really interested in, but SBADMCL doesn't offer much in the way of remote querying of machines - much of the querying runs off of database info. Has anyone come up with anything similar, or does anyone know if there are plans to build something similar into future releases of the scripting tool? I know that this functionality could be greatly limited by the available TCP ports...