Problems with self-encrypting drives

Microsoft has published ADV180028

The advisory explains the recently discovered vulnerabilities in self-encrypting drives (SEDs). With an SED, the drive is encrypted by the drive hardware itself instead of by the software-only encryption provided by BitLocker Drive Encryption™.

The vulnerability was discovered by Carlo Meijer and Bernard van Gastel from the Radboud University in the Netherlands.

Verify encryption method using PowerShell

Get-BitLockerVolume | select encryptionmethod,mountpoint,VolumeType


In this example, the device is not vulnerable since hardware encryption is not present.

This code snippet returns whether the machine is vulnerable or not (compliant: $true, vulnerable: $false) based on the encryption method. It can be used with SCCM to get an overview in larger environments.
# Select the operating system volume, but only if BitLocker protection is turned on
$BitlockerVolume = Get-BitLockerVolume | select encryptionmethod,mountpoint,VolumeType,ProtectionStatus |? { $_.VolumeType -eq "OperatingSystem" -and $_.ProtectionStatus -eq "On" }

# Software encryption methods are compliant; anything else is reported as vulnerable
switch ($BitlockerVolume.encryptionmethod) {
    Aes128 { $true }
    Aes256 { $true }
    Aes128Diffuser { $true }
    Aes256Diffuser { $true }
    XtsAes128 { $true }
    XtsAes256 { $true }
    Default { $false }
}

This work was done together with Jörgen Nilsson, who has a detailed post about this and how to use SCCM to get the current status of compliant devices, which is linked to below. He also provided a cab file which can be imported

Bitlocker Compliance using SCCM including Hardware encryption check
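
The snippet above only evaluates the operating system volume. As an added example (not the original author's script or the SCCM baseline), the function below applies the same software-method list to every volume it is given and reports each volume's state, so a hardware-encrypted data drive is not missed. The function name, the state labels and the sample volumes are assumptions constructed for illustration.

```powershell
# Added example: classify every BitLocker volume, not only the OS volume.
# Function name, state labels and the sample data are illustrative assumptions.
function Test-BitLockerSoftwareEncryption {
    param([object[]]$Volume = @())

    # Methods where BitLocker itself encrypts in software (same list as the snippet's switch).
    $software = 'Aes128','Aes256','Aes128Diffuser','Aes256Diffuser','XtsAes128','XtsAes256'

    $report = @(foreach ($v in $Volume) {
        $method = [string]$v.EncryptionMethod
        if ([string]$v.ProtectionStatus -ne 'On') { $state = 'NotProtected' }
        elseif ($method -in $software)            { $state = 'Software' }
        else                                      { $state = 'HardwareOrUnknown' }

        [pscustomobject]@{
            MountPoint = $v.MountPoint
            VolumeType = [string]$v.VolumeType
            Method     = $method
            State      = $state
        }
    })

    # Compliant only if at least one volume is protected and none of the
    # protected volumes relies on a non-software method.
    $protected = @($report | Where-Object { $_.State -ne 'NotProtected' })
    $suspect   = @($report | Where-Object { $_.State -eq 'HardwareOrUnknown' })

    [pscustomobject]@{
        Compliant = ($protected.Count -gt 0) -and ($suspect.Count -eq 0)
        Volumes   = $report
    }
}

# Constructed sample input so the logic can be tried without BitLocker present.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeType = 'OperatingSystem'; ProtectionStatus = 'On';  EncryptionMethod = 'XtsAes128' }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeType = 'Data';            ProtectionStatus = 'On';  EncryptionMethod = 'HardwareEncryption' }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeType = 'Data';            ProtectionStatus = 'Off'; EncryptionMethod = 'None' }
)

$result = Test-BitLockerSoftwareEncryption -Volume $sample
$result.Volumes | Format-Table -AutoSize
$result.Compliant

# On a real machine (elevated prompt):
# Test-BitLockerSoftwareEncryption -Volume (Get-BitLockerVolume)
```

With the sample data the result is not compliant, because D: is protected with a method outside the software list even though the OS volume uses XtsAes128.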

System Center User Group – Client Days 2018

System Center User Group Sweden (SCUGSE) Client Days, a 2-day event with many interesting sessions.

October 8th
October 9th

Microsoft Office – Stockholm
Finlandsgatan 36
164 74 Akalla

For this 10-year celebration of SCUGSE, David James from the Config Manager product team will come to Sweden and present.


Agenda (as per June 28th)

Day 1

  • 0815 – Doors Open
  • 0900 – 0915 – Welcome – Jörgen & Stefan
  • 0915 – 1015 – State of the union – David James
  • 1015 – 1030 – Break / Networking
  • 1030 – 1115 – TBA – David James
  • 1115 – 1130 – Break / Networking
  • 1130 – 1215 – What’s new from Ignite! – Stefan Schörling / TBA
  • 1215 – 1300 – Lunch
  • 1300 – 1330 – Sponsor Session – TBA
  • 1330 – 1345 – Break / Networking
  • 1345 – 1430 – TBA – David James
  • 1430 – 1445 – Break / Networking
  • 1445 – 1530 – TBA – TBA
  • 1530 – 1615 – Q&A DJAM and Speakers

Day 2

  • 0815 – Doors Open
  • 0900 – 1000 – Windows 10 as a Service, the good the bad and the ugly – Stefan Schörling / Jörgen Nilsson
  • 1000 – 1015 – Break / Networking
  • 1015 – 1100 – Managing and Securing Web browsers in Windows 10 – Jörgen Nilsson
  • 1100 – 1115 – Break / Networking
  • 1115 – 1215 – From the Community – TBA
  • 1215 – 1300 – Lunch
  • 1300 – 1330 – Sponsor Session – Lookout
  • 1330 – 1345 – Break / Networking
  • 1345 – 1430 – What’s new in Windows 10 1809 – TBA
  • 1430 – 1445 – Break / Networking
  • 1445 – 1545 – Advanced Windows 10 Deployment Tricks “TS End2End” – Nickolaj A
  • 1545 – 1600 – Closing and Prize Drawings

NOTE! By registering, I commit to a no-show fee of 500 kr if I register for a free ticket and do not attend the event. I also agree that my details may be shared with the sponsors.


For tickets and further information, please visit:

SCUG SE on Facebook:



Guide on how to Configure SQL Server Index Optimization with Ola Hallengrens Maintenance Solution

Jörgen Nilsson and I presented this at TechEd North America and we thought it would be a good idea to share this information in a more written form.

The purpose of this guide is to give non-database administrators a quick start on how to run SQL Server Index Optimization.

To maintain performance in a database it is most often recommended to maintain the indexes in the database. All applications have different support statements and best practices, so before you implement this please review the specific application. You also need to consider that doing this will generate lots of transaction logs, so keep an eye out for disk space and make sure you schedule backups after the tasks have run.

If you don’t maintain your indexes for System Center Configuration Manager, your system will eventually be slow and suffer from performance issues like slow updates of collections, different status messages and so on. So it’s vital to maintain your indexes. To get you started, I have written a step-by-step guide to implementing a great community script from Ola Hallengren that does this.

I highly recommend that you read the FAQ before you proceed.

First off, you can run the IndexCheck script against the database you suspect has a high grade of fragmentation to display the actual fragmentation. The performance busters are most likely the results with high page counts and high fragmentation.

1. Start SQL Management Studio and log in.

2. Open the IndexCheck script. I usually add the extra statements provided below to the script from Ola.

To Point out the Database to run against.


To sort the output in a more structured way, by fragmentation, I add

Order by AvgFragmentationInPercent desc

3. Execute the script and it will show you an output of the fragmentation level of the databases; the AvgFragmentationPercentage value displays the level.

4. OK, so now we see that we have fragmentation on our indexes. SQL-wise, there are three methods of maintaining the indexes. The solution will automatically choose between them depending on the fragmentation level, and if you have SQL Server Enterprise the “Rebuild Online” option will be available.

  • Reorganize (kind of a defragmentation)
  • Rebuild (new indexes are created and rebuilt. NOTE: It’s only available in SQL Server Enterprise)
  • Offline Rebuild (same as Rebuild above, but it’s done offline)

5. Before we install the Maintenance Solution, we want to create a database in SQL that we can use for logging the activities and saving our tasks in, so we don’t put this information in any of the other databases.

6. In SQL Management Studio create a new Database.

7. Give it a Name and set the Size you want the database to have

8. Under Options change the Recovery Model to be Simple and press OK

9. Now that we have created a database to use for the solution, we need to start the SQL Server Agent. Right-click it and start the Server Agent.

10. Once it’s started we can open the MaintenanceSolution.sql and do the following edits.

  • Change Master to the database name you selected earlier, in my case SQL Maintenance.
  • For the other values, I suggest that you change the Backup Path to where you want to store the backup files. For the others I usually use the defaults.

11. Execute the Script and verify that it has run successfully and that the jobs were created under SQL Server Agent

12. Now onto the IndexOptimize job which we need to configure.

  • By default the job runs on all your user databases on the server, so if you want to run it only on specified databases you need to configure that.
  • You also need to set this up on a schedule. My recommendation is to set it up on a weekly schedule at a time when you don’t have heavy load on the server.

NOTE: The first time you run the task I highly suggest that you allow lots of time. We have seen that this task can take from minutes to several 10+ hours if the indexes are really fragmented and your SQL box is really performing well. So plan for that initial execution; once you have this running on a regular basis it will not take that long every time it runs.

13. To change the databases that the IndexOptimize task is run on, right-click on the job and select Properties. Once in the properties, go to the Steps section and select Edit on the step.

14. To change it, change the USER_DATABASES value to the preferred databases you want to run this against.

So if I’d like the job to run against only CM_S01 and SUSDB, I would change the value to CM_S01, SUSDB. There are more options to choose from: if you’d like to run against all databases and maybe just exclude one, there are exclude options as well, which are very well explained on the solution webpage.

15. To set up a schedule, navigate to the Schedule section and click New.

16. Once there, set up the schedule you want and plan it so that it doesn’t interfere with any of your other maintenance tasks like backup. Simply give it a name and configure the desired schedule.

17. As we enabled the solution to log to a table, we can explore what actions it has taken by simply reviewing the CommandLog table. To show what has been going on in my environment, run the command below. With it we can track how long index optimization takes, whether there are certain indexes that we frequently hit, and so forth.

USE SQLMaintenance
select * from dbo.CommandLog

18. We are also getting log files on the disk drives, and they are stored under the default SQL Server installation directory under Log.

19. To maintain the solution itself there are some cleanup tasks, so we don’t fill the CommandLog table with years of data and the disks with years of log files. To clean up all these activities I highly suggest that you configure these additional jobs so that you clean up after the solution. You may want to adjust the steps in the jobs to keep the activities for the period of time you want. By default it keeps the data for 30 days. As a recommendation, set them to run on a weekly basis as well.

20. So now we have scheduled and configured Index Optimization. It is very important that you keep track of disk space and that you schedule backups after the tasks are run, as they will generate transaction logs that may fill up your disks.

A special thanks to fellow MVP Steve Thompson for inspiring me to use the separate database when using the Maintenance Solution. Also thanks to Ola Hallengren for making such an awesome solution and sharing it. Powered by Community