Making Bitlocker policy stricter (#7253)

Adding a filter to check that this is happening on the C drive and not some random other drive.
2026-05-23 08:58:41 +00:00 · 2022-08-18 13:45:17 -04:00 · 2022-08-18 13:45:17 -04:00 · dcee7a15ea
commit dcee7a15ea
parent e3aab3bda9
2 changed files with 3 additions and 2 deletions
--- a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
+++ b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
@ -489,7 +489,7 @@ apiVersion: v1
 kind: policy
 spec:
  name: Full disk encryption enabled (Windows)
-  query: SELECT 1 FROM bitlocker_info where protection_status = 1;
+  query: SELECT 1 FROM bitlocker_info WHERE drive_letter='C:' AND protection_status=1;
  description: Checks to make sure that full disk encryption is enabled on Windows devices.
  resolution:
    "To get additional information, run the following osquery query on the failing device: SELECT * FROM bitlocker_info. In the
--- a/frontend/utilities/constants.ts
+++ b/frontend/utilities/constants.ts
@ -81,7 +81,8 @@ export const DEFAULT_POLICIES = [
  },
  {
    key: 7,
-    query: "SELECT 1 FROM bitlocker_info WHERE protection_status = 1;",
+    query:
+      "SELECT 1 FROM bitlocker_info WHERE drive_letter='C:' AND protection_status=1;",
    name: "Full disk encryption enabled (Windows)",
    description:
      "Checks to make sure that full disk encryption is enabled on Windows devices.",