<#
.SYNOPSIS
    Gets the current status of BitLocker.
.DESCRIPTION
    Tests the current status of BitLocker Drive Encryption on an Encryptable Volume.  Only returns true if the volume is fully encrypted and the protection status is on.
.EXAMPLE
    Get-BitLockerStatus
.EXAMPLE
    Get-BitLockerStatus -ComputerName "mycomputer.mydomain.com" -DriveLetter C:
.NOTES
    If no drive letter is specified, the default system drive will be used.
    The drive letter must be followed with a double colon.  IE: "C:".
.LINKS
    https://github.com/necromorph1024/HPTpmAndBitLocker
    https://msdn.microsoft.com/en-us/library/windows/desktop/aa376483%28v=vs.85%29.aspx
#>
function Get-BitLockerStatus
{    
    [CmdletBinding()]
    [OutputType([PSObject])]
    Param
    (
        # ComputerName, Type string, System to evaluate BitLocker against.
        [Parameter(Position=0,
                   ValueFromPipeline=$true)]
        [string[]]
        $ComputerName=$env:COMPUTERNAME,

        # DriveLetter, Type string, Drive letter to evaluate BitLocker against.  if NullOrEmpty the default SystemDrive will be used.
        [Parameter(Position=1,
                   HelpMessage="Drive letter format must be letter followed by colon, 'C:'")]
        [ValidatePattern('[a-zA-Z]:')]
        [string]
        $DriveLetter
    )

    if (-not(Test-Connection -ComputerName $ComputerName -Quiet -Count 2))
    {
        throw "Failed to connect to $ComputerName.  Please ensure the system is available."
    }

    if (-not($DriveLetter))
    {
        try
        {
            $drive=Get-WmiObject Win32_OperatingSystem -Namespace "root\CIMV2" -ComputerName $ComputerName -Property SystemDrive -ErrorAction Stop
            $volume=Get-WmiObject -Class Win32_EncryptableVolume -Namespace "root\CIMV2\Security\MicrosoftVolumeEncryption" -Filter "DriveLetter = '$($drive.SystemDrive)'" -ComputerName $ComputerName -ErrorAction Stop
        }
        catch
        {
            throw "Failed to connect to the necassary WMI Namespaces, to get the system drive.  Verfy that you have sufficent rights to connect to the Win32_OperatingSystem and Win32_EncryptableVolume Namespaces."
        }
    }
    else
    {
        $volume=Get-WmiObject -Class Win32_EncryptableVolume -Namespace "root\CIMV2\Security\MicrosoftVolumeEncryption" -Filter "DriveLetter = '$DriveLetter'" -ComputerName $ComputerName -ErrorAction Stop
        if ($volume -eq $null)
        {
            throw "Failed to enumarate the Win32_EncryptableVolume Namespace for $DriveLetter.  Please make sure the drive letter is correct and that the volume is accessable."
        }
    }

    $status=$volume.GetConversionStatus()
    switch ($status.ConversionStatus)
    {
        0 { $state="FullyDecrypted" }
        1 { $state="FullyEncrypted" }
        2 { $state="EncryptionInProgress" }
        3 { $state="DecryptionInProgress" }
        4 { $state="EncryptionPaused" }
        5 { $state="DecryptionPaused" }
    }

    $percentage=$status.EncryptionPercentage

    if ($volume.GetProtectionStatus().ProtectionStatus -eq 0)
    {
        $protection="ProtectionOff"
    }
    else
    {
        $protection="ProtectionOn"
    }

    $bdeStatus=[PSCustomObject] @{
                                      'Protection'=$protection
                                      'State'     =$state
                                      'Percentage'=$percentage
                                 }
    return $bdeStatus
}