在没有管理员的情况下从C#以编程方式检测BitLocker [英] Detect BitLocker programmatically from c# without admin

问题描述

在各种线程中，我都拼凑了如何以编程方式检查BitLocker，如下所示:

From various threads I've cobbled together how to check for BitLocker programmatically like this:

private void TestBitLockerMenuItem_Click(object sender, RoutedEventArgs e) {
   var path=new ManagementPath(@"\ROOT\CIMV2\Security\MicrosoftVolumeEncryption")
               { ClassName="Win32_EncryptableVolume" };
   var scope=new ManagementScope(path);
   path.Server=Environment.MachineName;
   var objectSearcher=new ManagementClass(scope, path, new ObjectGetOptions());
   foreach (var item in objectSearcher.GetInstances()) {
      MessageBox.Show(item["DeviceID"].ToString()+" "+item["ProtectionStatus"].ToString());
   }
}

但是仅在该进程具有管理员权限时有效.

But it only works if the process has admin privileges.

奇怪的是，任何老的Windows用户都可以转到资源管理器，右键单击驱动器，并确定它是否已打开BitLocker，但是程序似乎无法完成此任务.有人知道这样做的方法吗?

It seems odd that any old Windows user can go to Explorer, right-click on a drive, and find out if it has BitLocker turned, but a program cannot seem to get this done. Does anyone know of a way to do this?

推荐答案

Windows通过使用

Windows displays this in the shell by using the Windows Property System in the Win32 API to check the undocumented shell property System.Volume.BitLockerProtection. Your program will also be able to check this property without elevation.

如果此属性的值为1、3或5，则在驱动器上启用BitLocker.其他任何值均视为关闭.

If the value of this property is 1, 3, or 5, BitLocker is enabled on the drive. Any other value is considered off.

在寻找此问题的解决方案期间，我在 HKEY_CLASSES_ROOT \ Drive \ shell \ manage-bde \ AppliesTo 中找到了对该shell属性的引用.最终，这一发现使我找到了这个解决方案.

During my search for a solution to this problem, I found references to this shell property in HKEY_CLASSES_ROOT\Drive\shell\manage-bde\AppliesTo. Ultimately, this discovery lead me to this solution.

Windows属性系统是一个低级API，但是您可以使用 Windows API代码包.

The Windows Property System is a low-level API, but you can use the wrapper that's available in the Windows API Code Pack.

Install-Package WindowsAPICodePack

使用

using Microsoft.WindowsAPICodePack.Shell;
using Microsoft.WindowsAPICodePack.Shell.PropertySystem;

代码

IShellProperty prop = ShellObject.FromParsingName("C:").Properties.GetProperty("System.Volume.BitLockerProtection");
int? bitLockerProtectionStatus = (prop as ShellProperty<int?>).Value;

if (bitLockerProtectionStatus.HasValue && (bitLockerProtectionStatus == 1 || bitLockerProtectionStatus == 3 || bitLockerProtectionStatus == 5))
   Console.WriteLine("ON");
else
   Console.WriteLine("OFF");

这篇关于在没有管理员的情况下从C#以编程方式检测BitLocker的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！