michael/MacAdmin
1
0
Fork 0
mirror of https://github.com/MLBZ521/MacAdmin.git synced 2026-02-03 14:03:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
master
MacAdmin/Jamf Pro/Reporting/Report-FileVaultEncryption.ps1
Zack T ff687c0e33 v1.0.0 = Initial Version 
+ Initial Version
2020-10-08 17:24:03 -07:00

105 lines
3.0 KiB
PowerShell
Raw Permalink Blame History

<#
Script Name: Report-FileVaultEncryption.ps1
By: Zack Thompson / Created: 6/19/2020
Version: 1.0.0 / Updated: 6/19/2020 / By: ZT
Description: This script will create a report on device encryption.
#>
# Define Smart Groups
$fv_prk_valid_group = "FileVault2 - Enabled - Valid PRK"
$fv_prk_missing_group = "FileVault2 - Enabled - Missing PRK"
Write-Host "Enter your Jamf Pro credentials"
# Setup Session
$Session = [PwshJamf]::new( $( Get-Credential ) )
$Session.Server = "https://jps.server.com:8443/"
$Session.Headers['Accept'] = "application/xml"
$Session.VerifyAPICredentials()
# Get All the Computers
$Computers = $Session.GetComputers()
# Set where to save the output
$SaveDirectory = ( $( Read-Host "Provide directiory to save the report" ) -replace '"' )
# Create a time stamp for the file
$TimeStamp=$( Get-Date -UFormat %m-%d-%y_%H:%M:%S )
# File to save report too
$OutputFile = "${SaveDirectory}/Encryption Report_${TimeStamp}.csv"
# Write Header to file
Out-File -FilePath "${OutputFile}" -InputObject "computer_id`tsite`tcomputer_name`tserial_number`tfv2_status`t`tfv2_complete`tfv2_valid_prk`taccounts_fv2_enabled`taccounts_not_fv2_enabled`t"
# Loop through all the computres
ForEach ( $Computer in $Computers.computers.computer ) {
# Get the computers inventory
$computer = $Session.GetComputerSubsetByID( $computer.computer.general.id, "General&Hardware&Groups_Accounts" )
# Get the BootPartition
$BootParition = $computer.computer.hardware.storage.device.partitions.partition | Where-Object { $_.name -match "(Boot Partition)" }
# FileVault2 Status
$FV2_status = $BootParition.filevault2_status
# FileVault2 Percentage complete
if ( $BootParition.filevault2_percent -eq 100 ) {
$FV2_complete = $true
}
else {
$FV2_complete = $false
}
if ( $fv_prk_valid_group -in $computer.computer.groups_accounts.computer_group_memberships.group ) {
$fv2_valid_prk = $true
}
elseif ( $fv_prk_missing_group -in $computer.computer.groups_accounts.computer_group_memberships.group ) {
$fv2_valid_prk = $false
}
# Easy way to check which users are FV2 Enabled
# $computer.computer.hardware.filevault2_users
# Create Arrays
$FV2_enabled_accounts = @()
$FV2_nonenabeld_accounts = @()
# Get where accounts are FV2 enabled or not
ForEach ( $User in $computer.computer.groups_accounts.local_accounts.user ) {
if ( $User.filevault_enabled -eq $true ) {
$FV2_enabled_accounts += $user.name
}
else {
$FV2_nonenabeld_accounts += $user.name
}
}
# Store information
$export_info = "$($computer.computer.general.id)`t$($computer.computer.general.site.name)`t$($computer.computer.general.name)`t$($computer.computer.general.serial_number)`t${FV2_status}`t${FV2_complete}`t${fv2_valid_prk}`t${FV2_enabled_accounts}`t${FV2_nonenabeld_accounts}"
# Write information to file
Out-File -FilePath "${OutputFile}" -InputObject "${export_info}" -Append
}
Write-Host "Report complete!"
Reference in New Issue View Git Blame Copy Permalink