GetProtectionStatus method of the Win32_EncryptableVolume class
The GetProtectionStatus method of the Win32_EncryptableVolume class indicates whether the volume and its encryption key (if any) are secured.
Protection is off if a volume is unencrypted or partially encrypted, or if the volume's encryption key is available in the clear on the hard disk.
Syntax
uint32 GetProtectionStatus(
[out] uint32 ProtectionStatus
);
Parameters
-
ProtectionStatus [out]
-
Type: uint32
Specifies whether the volume and the encryption key (if any) are secured.
Value Meaning - Unprotected
- 0
PROTECTION OFF
For a standard HDD:
The volume is unencrypted, partially encrypted, or the volume's encryption key is available in the clear on the hard disk. The encryption key is available in the clear on the hard disk if key protectors have been disabled by using the DisableKeyProtectors method or if no key protectors have been specified by using the following methods:- ProtectKeyWithCertificateFile
- ProtectKeyWithCertificateThumbprint
- ProtectKeyWithExternalKey
- ProtectKeyWithNumericalPassword
- ProtectKeyWithPassphrase
- ProtectKeyWithTPM
- ProtectKeyWithTPMAndPIN
- ProtectKeyWithTPMAndPINAndStartupKey
- ProtectKeyWithTPMAndStartupKey
For an EHDD:
The band for the volume is perpetually unlocked, has no key manager, or is managed by a third party key manager.
This can also mean that the band is managed by BitLocker but the DisableKeyProtectors method has been called and the drive is suspended.- Protected
- 1
PROTECTION ON
For a standard HDD:
The volume is fully encrypted and the encryption key for the volume is not available in the clear on the hard disk.
For an EHDD:
BitLocker is the key manager for the band. The drive can be locked or unlocked but cannot be perpetually unlocked.- Unknown
- 2
The volume protection status cannot be determined. This can be caused by the volume being in a locked state.
Windows Vista Ultimate, Windows Vista Enterprise and Windows Server 2008: This value is not supported. This value is supported beginning with Windows 7 and Windows Server 2008 R2.
Return value
Type: uint32
This method returns one of the following codes or another error code if it fails.
| Return code/value | Description |
|---|---|
|
The method was successful. |
Remarks
You can encrypt a volume only if you either call DisableKeyProtectors first or use one of the following methods:
- ProtectKeyWithCertificateFile
- ProtectKeyWithCertificateThumbprint
- ProtectKeyWithExternalKey
- ProtectKeyWithNumericalPassword
- ProtectKeyWithPassphrase
- ProtectKeyWithTPM
- ProtectKeyWithTPMAndPIN
- ProtectKeyWithTPMAndPINAndStartupKey
- ProtectKeyWithTPMAndStartupKey
Therefore, if the disk is encrypted and ProtectionStatus returns zero (PROTECTION OFF), keys are disabled.
Use GetKeyProtectors to list the key protectors that have been specified to secure the volume's encryption key. If key protectors exist but protection is zero (PROTECTION OFF), use EnableKeyProtectors to turn on volume protection.
Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Windows SDK. They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista Enterprise, Windows Vista Ultimate [desktop apps only] |
| Minimum supported server |
Windows Server 2008 [desktop apps only] |
| Namespace |
Root\CIMV2\Security\MicrosoftVolumeEncryption |
| MOF |
|
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for