
Been working on a worklet policy to grab BitLocker key IDs and recovery keys.


So far I’ve been successful at making the policy create a .csv locally to the machine.


Not sure if this is the best place to post this, but if anyone wants to expand on this, such as:


a) outputting to FTP server, URL, etc. please do



```powershell
$KeyProperties = @()
$KeyObj = @()
$Computer = $env:Computername

# Read the BitLocker volume for C: and pull out its key protectors
$Keys = Get-BitlockerVolume -MountPoint C:
$Selected = $Keys | Select-Object -ExpandProperty KeyProtector

# Output the second protector (index 1)
$Selected[1] | Select-Object KeyProtectorID, RecoveryPassword

# Build one row per key protector
Foreach ($S in $Selected) {
    $KeyProperties = [pscustomobject]@{
        Computer         = $Computer
        KeyProtectorID   = $S.KeyProtectorID
        RecoveryPassword = $S.RecoveryPassword
    }
    $KeyObj += $KeyProperties
}

# Write the second row (index 1) to a CSV on the local machine
$KeyObj[1] | Export-CSV "C:\$($Computer)_Keys.csv" -NoTypeInformation
```
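
A variant of the script above, added here as an example and not part of the original post or Automox's own code: it selects protectors by `KeyProtectorType` rather than by array position, covers every volume instead of only `C:`, and writes the CSV into a folder readable only by SYSTEM and local Administrators. It returns a count rather than the keys, since the thread notes that worklet output is stored in the Activity Log. The folder name `BitLockerKeyExport` under `%ProgramData%` is an assumption.

```powershell
# Added example, not from the original post. The output folder is an assumption.
$Computer = $env:COMPUTERNAME
$OutDir   = Join-Path $env:ProgramData 'BitLockerKeyExport'   # hypothetical location

# Create the folder and replace its inherited ACL before any key is written,
# so only SYSTEM and local Administrators can read the files placed in it.
New-Item -Path $OutDir -ItemType Directory -Force | Out-Null
$Acl = New-Object System.Security.AccessControl.DirectorySecurity
$Acl.SetAccessRuleProtection($true, $false)      # protect ACL, drop inherited entries
foreach ($Sid in 'S-1-5-18', 'S-1-5-32-544') {   # SYSTEM, BUILTIN\Administrators
    $Id       = New-Object System.Security.Principal.SecurityIdentifier $Sid
    $RuleArgs = $Id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $Rule     = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $RuleArgs
    $Acl.AddAccessRule($Rule)
}
Set-Acl -Path $OutDir -AclObject $Acl

# Pick recovery-password protectors by type, on every BitLocker volume.
$Rows = foreach ($Volume in Get-BitLockerVolume) {
    $Volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        ForEach-Object {
            [pscustomobject]@{
                Computer         = $Computer
                MountPoint       = $Volume.MountPoint
                KeyProtectorId   = $_.KeyProtectorId
                RecoveryPassword = $_.RecoveryPassword
            }
        }
}

if ($Rows) {
    $CsvPath = Join-Path $OutDir "$($Computer)_Keys.csv"
    $Rows | Export-Csv -Path $CsvPath -NoTypeInformation
    # Return a count only, so the recovery passwords stay out of the worklet output.
    Write-Output "Exported $(@($Rows).Count) recovery protector(s) to $CsvPath"
} else {
    Write-Output 'No RecoveryPassword protector found on this device'
}
```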

Thanks for sharing @cfrieberg! I added in the code block formatting to your post - let me know if that looks like it kept the right indenting. For the code blocks, you just have to put ``` on the line above and below the code.


thanks Nic!


testing testing 123



Oh look at that.


The code block feature is pretty nice. Not only does it preserve formatting, but it autodetects what programming language you are using and does color labels accordingly.


Yea, that’s pretty slick!


Thanks for sharing! This is awesome and something I’ve seen a lot of people ask for.


Wasn’t sure how to edit my original post.



Just following up since I noticed output from this worklet also being stored in Automox Activity Log.



Interesting.




If you click the little pencil icon in the bottom left of your post you can edit it.


It’ll store in the log whatever message you return in the code. That does make it easier to have in one place to collect than gathering a bunch of CSV files from each endpoint.


I’m blind…




It might be because I have the permissions locked down on submitting posts to the Worklet section - they have to get approved so that we can review the code first. Normally it will let you edit your post, but in this case it would let someone replace the code they originally posted with something potentially malicious or broken. Just send me your edits and I can replace the code for you.


How was this implemented into the existing BitLocker script that Automox has provided on these forums? Did you just add it into the Remediation code?


Yes - added to rc


Well, sorry to dig up an old thread. Wondering if there’s a way to store the keys in the device tags in Automox, rather than a .csv on the machine.


This may be useful to you. Worklet: Install BitLocker and store keys in device tag - #23 by vukko



That is to install BitLocker and store the keys, but down in the comments there is a rough script for just grabbing keys and storing them in device tags.


Thanks for the pointer!