How to Verify Disk Encryption

Nita Slanina Updated by Nita Slanina

How to Verify Disk Encryption 

Please verify that the encryption is complete before shipping it to the customer. This also is the case for ANY/ALL devices being shipped back to us from a customer, a device going to ITAD, or another vendor. Yes, this includes Terms or any and all replaced devices, if there is the potential for any customer data.  

After QC'ing a device and getting a user to sign in, their OneDrive may start syncing. There could be HIPPA data in OneDrive, therefore we need to verify encryption even on new devices.

For any questions on Avita policies, please refer to the Asset Destruction Policy on GoAVA.

We CANNOT ship any device before verifying encryption is completed.

Please watch video for complete instructions on how to verify the encryption status.

Bitlocker Steps

  1. Run the following Powershell command in the Command Shell module in Kaseya LiveConnect, to obtain encryption status.
    date; get-computerinfo | Select-Object -Property CsManufacturer, CsModel, CsName, BiosSeralNumber; manage-bde -status
    ​If a device is correctly encrypted, it will show Fully Encrypted under Conversion Status.
  2. Take a screenshot and attach to the ticket. Then add the attachment to the asset in Asset Manager.
  3. If it is not fully encrypted, then need to do so before it can be shipped. See example below for a device that was not fully encrypted.
  4. Run the following commands in Command Prompt to get the device fully encrypted. Depending on size of drive, this process could take up several hours. It may require a reboot to complete the process.
    manage-bde -status
    manage-bde -off C:
    manage-bde -protectors -add C: -recoverypassword
    manage-bde -on C:

    You can run the manage-bde -status command during the re-encryption process to check the process.
    This may take some time so please do NOT wait to do your QC's until the day they are due.

How did we do?

Contact