Sim hitting the reddit PowerShell because I think it’s my log the thing that is screwed up but I have written the code in different ways. but now I’m begging to think there is something that loops around and checks the conditions again and it’s screwing everything up/ Hence Im coming here to double check
I have the below on the intaller section.
manage-bde -status C: > C:\MBAM_Status.txt
$HD_EState ='unknown'
$HD_ConState='unknow'
foreach($line in Get-Content C:\MBAM_Status.txt)
{
if($line -eq " Protection Status: Protection On")
{
$HD_EState = 'on'
}
elseif ($line -eq " Protection Status: Protection Off")
{
$HD_EState = 'off'
}
elseif ($line -eq " Protection Status: Protection Off (1 reboots left)")
{
$HD_EState = 'suspended'
}
if ($line -eq " Conversion Status: Fully Encrypted")
{
$HD_ConState='encrypted'
}
elseif ($line -eq " Conversion Status: Fully Decrypted")
{
$HD_ConState='decrypted'
}
}
##############
$sysver = (Get-WmiObject -Class Win32_ComputerSystemProduct | Select version).version
$thinkpad = 'Thinkpad'
$HyperV = 'Hyper-V'
$ThinkStation = 'ThinkStation'
$ThinkCentre = 'ThinkCentre'
if($sysver -match $thinkpad)
{
$SystemType = "L"
} elseif ($sysver -match $HyperV)
{
$SystemType = "V"
}
elseif (($sysver -match $ThinkCentre) -OR ($sysver -match $ThinkStation))
{
$SystemType = "D"
}
else
{
$SystemType = "S"
}
#########
if (Test-Path -Path "C:\Program Files (x86)\Sophos")
{
Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\System\Encryption' -Name 'ProtectionStatus' -Value 'ON'
}
else
{
if (Test-Path -Path "C:\Program Files\Microsoft\MDOP MBAM")
{
if($HD_EState -eq "on")
{
Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\System\Encryption' -Name 'ProtectionStatus' -Value 'ON'
}
else
{
if($HD_EState -eq "suspended")
{
Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\System\Encryption' -Name 'ProtectionStatus' -Value 'SUSPENDED'
Show-InstallationRestartPrompt -Countdownseconds 86400 -NoSilentRestart $false -SilentCountdownSeconds 60
}
else
{
if($SystemType -eq "L")
{
if($HD_ConState -eq "encrypted")
{
Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\System\Encryption' -Name 'ProtectionStatus' -Value 'SUSPENDED'
Resume-BitLocker -MountPoint "C:"
}
else
{
Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\System\Encryption' -Name 'ProtectionStatus' -Value 'OFF'
Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\System\Encryption' -Name 'MBAM_Enabler' -Value '1'
}
}
}
}
}
else
{
if ($SystemType -eq "L")
{
Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\System\Encryption' -Name 'ProtectionStatus' -Value 'OFF'
Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\System\Encryption' -Name 'MBAM_Enabler' -Value '1'
Execute-MSI -Action 'Install' -Path 'MbamClientSetup-2.5.1100.0.msi'
Execute-MSI -Path "MBAM2.5_Client_x64_KB4041137.msp"
}
else
{
if ($SystemType -eq "S")
{
Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\System\Encryption' -Name 'ProtectionStatus' -Value 'OFF'
Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\System\Encryption' -Name 'MBAM_Enabler' -Value '1'
Execute-MSI -Action 'Install' -Path 'MbamClientSetup-2.5.1100.0.msi'
Execute-MSI -Path "MBAM2.5_Client_x64_KB4041137.msp"
}
else
{
Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\System\Encryption' -Name 'ProtectionStatus' -Value 'NOT NEEDED'
}
}
}
}
The application is even installing if the PC has MBAM installed. it should just tag the system and not install. :-/ :’(