Hello,
I'm using the BitLocker Audit package to ensure all workstations are properly encrypted with BitLocker, even though Windows now does this automatically.
However, every time I update the package from the Microsoft Store, I "lose" my encryption key.
Could you include in the script a way to automatically encrypt using the key located in the directory c:\program files (x86)\Wapt\ssl?
Our installation is basic, but we only have one certificate in this directory, so we shouldn't have any surprises.
Thank you and have a good day.
BitLocker Audit Package - Request for SSL Modification
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
fschelfaut
- Messages: 30
- Registration: Nov 7, 2024 - 12:22
Good morning,
Did you modify the package? tis-audit-bitlocker and add your SSL certificate to the list decrypt_cert_list
Lines 71 to 73 of the packet:
Flavien,
Did you modify the package? tis-audit-bitlocker and add your SSL certificate to the list decrypt_cert_list
Lines 71 to 73 of the packet:
Code: Select all
target_encryption_method = 7
allow_swap_encryption_method = False # Not implemented yet
decrypt_cert_list = [] # <- here the name of ssl cert allowed to decrypt-
jcdemarque
- Messages: 24
- Registration: February 21, 2023 - 3:12 PM
Thank you for your reply.
Yes, I did that, but every time the package is updated at WAPT, I have to edit it again.
I thought that for most users, it would be enough to point to c:\program files (x86)\wapt\ssl and get the server certificate available on their machine.
Yes, I did that, but every time the package is updated at WAPT, I have to edit it again.
I thought that for most users, it would be enough to point to c:\program files (x86)\wapt\ssl and get the server certificate available on their machine.
-
fschelfaut
- Messages: 30
- Registration: Nov 7, 2024 - 12:22
Hello,
I've reworked the package so that it now accepts, by default, all certificates present in the WAPT SSL folder on the machine, provided they are Code Signing.
The package is available in PREPROD here.
Flavien,
I've reworked the package so that it now accepts, by default, all certificates present in the WAPT SSL folder on the machine, provided they are Code Signing.
The package is available in PREPROD here.
Flavien,
