From various threads I've cobbled together how to check for BitLocker programmatically like this:
private void TestBitLockerMenuItem_Click(object sender, RoutedEventArgs e) {
var path=new ManagementPath(@"\ROOT\CIMV2\Security\MicrosoftVolumeEncryption")
{ ClassName="Win32_EncryptableVolume" };
var scope=new ManagementScope(path);
path.Server=Environment.MachineName;
var objectSearcher=new ManagementClass(scope, path, new ObjectGetOptions());
foreach (var item in objectSearcher.GetInstances()) {
MessageBox.Show(item["DeviceID"].ToString()+" "+item["ProtectionStatus"].ToString());
}
}
But it only works if the process has admin privileges.
It seems odd that any old Windows user can go to Explorer, right-click on a drive, and find out if it has BitLocker turned, but a program cannot seem to get this done. Does anyone know of a way to do this?
Windows displays this in the shell by using the Windows Property System in the Win32 API to check the undocumented shell property
System.Volume.BitLockerProtection
. Your program will also be able to check this property without elevation.If the value of this property is 1, 3, or 5, BitLocker is enabled on the drive. Any other value is considered off.
During my search for a solution to this problem, I found references to this shell property in
HKEY_CLASSES_ROOT\Drive\shell\manage-bde\AppliesTo
. Ultimately, this discovery lead me to this solution.The Windows Property System is a low-level API, but you can use the wrapper that's available in the Windows API Code Pack.
Package
Using
Code