My company operates in a bit of a unique manner: we have ~1100 computers with little to no infrastructure, i.e. no VPN tunnels between offices, no Active Directory domain/forest, and a mixture of Macs and PCs. I've successfully set up the Cauliflower Vest server, and we've successfully encrypted Macs using it. My question is, since we don't have any AD infrastructure, is there a way to modify the AD BitLocker Sync script to manually enter the fields and run the script? For example, if a tech is encrypting a new user's laptop, and we want to escrow the key, is there a way to run the script so that it prompts the tech for the key and inputs the other fields for them, then uploads the info to the server? I was trying to pull apart the script, but I'm not all that familiar with Python. Any help or suggestions would be much appreciated.
--
You received this message because you are subscribed to the Google Groups "cauliflowervest-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cauliflowervest-d...@googlegroups.com.
To post to this group, send email to cauliflower...@googlegroups.com.
Visit this group at https://groups.google.com/group/cauliflowervest-discuss.
For more options, visit https://groups.google.com/d/optout.
import re
import socket
import subprocess
from time import gmtime, strftime

# win_client, server_url, opener and headers are not defined in this snippet.

def EncryptVolumeC():
  # Turn on BitLocker for C: and pull the recovery password out of the output (as text, not bytes).
  output = subprocess.check_output(["C:/WINDOWS/system32/manage-bde.exe", "-on", "C:", "-recoverypassword"], universal_newlines=True)
  key = ""
  keys = re.findall(r"[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}", output)
  if len(keys) > 0:
    key = keys[0]
  return key

class BitLockerEscrow(object):
  # Class wrapper assumed from the BitLockerEscrow(client) call and self.client below.
  def __init__(self, client):
    self.client = client

  def EscrowKey(self, hostname, recovery_guid, recovery_password):
    metadata = {
        'hostname': hostname,
        'dn': "fqdn=" + hostname + ",cn=computers,dc=example,dc=com",
        'when_created': strftime('%Y%m%d%H%M%S.0Z', gmtime()),
        'parent_guid': "00000000-0000-0000-0000-000000000000",
        'owner': "username",
    }
    self.client.UploadPassphrase(recovery_guid, recovery_password, metadata)

def _find_between(s, first, last):
  try:
    start = s.index(first) + len(first)
    end = s.index(last, start)
    return s[start:end]
  except ValueError:
    return ""

client = win_client.BitLockerClient(server_url, opener, headers=headers)
bitlocker_escrow = BitLockerEscrow(client)
hostname = socket.gethostname()
recovery_guid = _find_between(subprocess.check_output(["mountvol", "C:", "/L"], universal_newlines=True), "{", "}")
recovery_password = EncryptVolumeC()
bitlocker_escrow.EscrowKey(hostname, recovery_guid, recovery_password)
Hi Maxim,

Thanks for the quick reply!

Yes, it is uploaded correctly. I'm able to retrieve the record with a GQL query:

select * from BitLockerVolume where hostname="host1"

And via the "Query by Kind" interface.

Thanks for looking into this!

Guillermo

On Tue, Nov 1, 2016 at 5:46 PM, 'Maxim Ermilov' via cauliflowervest-discuss <cauliflowervest-discuss@googlegroups.com> wrote:
> Hi,
>
> > Is there any special metadata I would need to add for the hostname search to work?
>
> It should just work.
> Is hostname uploaded correctly?
> (You can check it in Cloud Console > Datastore > Entities. Entity Kind: BitLockerVolume)
>
> Thanks,
> Maxim
> And via the "Query by Kind" interface.

Does hostname contain non-ascii characters?

_____
Maxim

On Tue, Nov 1, 2016 at 5:56 PM, Guillermo Fuentes <gfuen...@gmail.com> wrote:
> Hi Maxim,
>
> Thanks for the quick reply!
>
> Yes, it is uploaded correctly. I'm able to retrieve the record with a GQL query:
>
> select * from BitLockerVolume where hostname="host1"
>
> And via the "Query by Kind" interface.
>
> Thanks for looking into this!
>
> Guillermo
>
> On Tue, Nov 1, 2016 at 5:46 PM, 'Maxim Ermilov' via cauliflowervest-discuss <cauliflowervest-discuss@googlegroups.com> wrote:
> > Hi,
> >
> > > Is there any special metadata I would need to add for the hostname search to work?
> >
> > It should just work.
> > Is hostname uploaded correctly?
> > (You can check it in Cloud Console > Datastore > Entities. Entity Kind: BitLockerVolume)
> >
> > Thanks,
> > Maxim
No non-ascii characters are used.
Only alphanumeric and hyphen are used for the hostname.
Example: win-pc1
Yes.
v0.10.2
I'm using git master from about 3 weeks ago.
I'll use the current one and report back.
Thanks
hostname = socket.gethostname().upper()
Thank you for reporting this issue.

Fix submitted (https://github.com/google/cauliflowervest/commit/cd3617d7808f1dfc2c5d9a02494df9ed4dc54ea5).

Thanks,
Maxim

On Tue, Nov 8, 2016 at 12:32 PM, Guillermo Fuentes <gfuen...@gmail.com> wrote:
> The BitLockerVolume.NormalizeHostname() makes the hostname value uppercase which causes the search to fail when the hostname field in the database is not all capitalized.
>
> Saving the capitalized hostname value in the database fixes the search issue:
>
> hostname = socket.gethostname().upper()
>
> Maxim, thanks so much for your help.
>
> Guillermo
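Added example, not part of the thread or of the CauliflowerVest code: a pre-upload check for the manual-entry workflow asked about in the first post, combined with the hostname normalization from the last messages, so a mistyped key or a mixed-case hostname is caught before anything is escrowed. It assumes the standard BitLocker recovery password layout (eight 6-digit groups, each a 16-bit value multiplied by 11); the function names, the record layout and the sample values are constructed for illustration.

```python
import re
import uuid

PASSWORD_SHAPE = re.compile(r"\d{6}(?:-\d{6}){7}")


def normalize_hostname(hostname):
    # The thread reports that the server upper-cases the hostname it searches for.
    return hostname.strip().upper()


def check_recovery_password(typed):
    """Return the cleaned password, or raise ValueError naming the bad group."""
    candidate = re.sub(r"\s+", "", typed)
    if not PASSWORD_SHAPE.fullmatch(candidate):
        raise ValueError("expected 8 hyphen-separated groups of 6 digits")
    for position, group in enumerate(candidate.split("-"), start=1):
        # Each group encodes a 16-bit value multiplied by 11.
        quotient, remainder = divmod(int(group), 11)
        if remainder != 0 or quotient > 0xFFFF:
            raise ValueError("group %d (%s) is not a valid block" % (position, group))
    return candidate


def build_escrow_record(hostname, volume_guid, typed_password):
    """Validate manual input and return the fields to escrow (hypothetical layout)."""
    uuid.UUID(volume_guid)  # raises ValueError if not a GUID; braces are accepted
    return {
        "hostname": normalize_hostname(hostname),
        "volume_guid": volume_guid.strip("{}"),
        "recovery_password": check_recovery_password(typed_password),
    }


def find_by_hostname(records, query):
    # Model of the search in the thread: normalized query, exact match on stored value.
    wanted = normalize_hostname(query)
    return [r for r in records if r["hostname"] == wanted]


# Constructed sample values, not real keys or hosts.
SAMPLE_PASSWORD = "011000-000022-720885-135795-047531-001100-597531-008547"
SAMPLE_GUID = "{01234567-89ab-cdef-0123-456789abcdef}"

if __name__ == "__main__":
    record = build_escrow_record("win-pc1", SAMPLE_GUID, SAMPLE_PASSWORD)
    print(record["hostname"], len(find_by_hostname([record], "win-pc1")))
    print(len(find_by_hostname([{"hostname": "win-pc1"}], "win-pc1")))
```

The second lookup models the failure reported in the thread: a record stored with the raw lower-case hostname is never matched by the upper-cased search term.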