name: bitlocker_info
examples: >-
  Full Disk Encryption (FDE) reduces the risk of compromise when a device is lost or stolen. This query lists any system that does not have BitLocker enabled on its OS drive (typically `C:`). 
  
  ```
     
   SELECT * FROM bitlocker_info WHERE drive_letter='C:' AND protection_status != 1;

  ```

    
notes: >-
  * `protection_status` is quite nuanced - from the [Microsoft documentation](https://learn.microsoft.com/en-us/windows/win32/secprov/getprotectionstatus-win32-encryptablevolume#parameters):

   `protection_status = 0`

    For an Internal HD:
    The volume is unencrypted, partially encrypted, or the volume's encryption key is available in the clear on the hard disk.

    For an External HD:
    The band for the volume is perpetually unlocked, has no key manager, or is managed by a third party key manager.
    This can also mean that the band is managed by BitLocker but the DisableKeyProtectors method has been called and the drive is suspended.

   `protection_status = 1`

    For an Internal HD:
    The volume is fully encrypted and the encryption key for the volume is not available in the clear on the hard disk.

    For an External HD:
    BitLocker is the key manager for the band. The drive can be locked or unlocked but cannot be perpetually unlocked.

   `protection_status = 2`

    The volume protection status cannot be determined. This can be caused by the volume being in a locked state.