Bitlocker Key ID and Recovery Key

  • 5 September 2019

Been working on a worklet policy to grab BitLocker key IDs and recovery keys.

So far I’ve been successful at making the policy create a .csv locally on the machine.

Not sure if this is the best place to post this, but if anyone wants to expand on this, such as:

a) outputting to an FTP server, URL, etc., please do


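```powershell
# Collect the BitLocker key protectors for the C: volume
$KeyProperties = @()
$KeyObj = @()
$Computer = $env:Computername
$Keys = Get-BitLockerVolume -MountPoint C:
$Selected = $Keys | Select-Object -ExpandProperty KeyProtector
# Written to the output stream; index 1 assumes the recovery password
# protector is the second entry in the list
$Selected[1] | Select-Object KeyProtectorId, RecoveryPassword
foreach ($S in $Selected) {
    $KeyProperties = [pscustomobject]@{
        Computer         = $Computer
        KeyProtectorID   = $S.KeyProtectorId
        RecoveryPassword = $S.RecoveryPassword
    }
    $KeyObj += $KeyProperties
}
# Export the second protector (ID and recovery password, in plain text)
# to a CSV at the root of C:
$KeyObj[1] | Export-Csv "C:\$($Computer)_Keys.csv" -NoTypeInformation
```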
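
A variant of the script above, as an added example that is not part of the original post or Automox's own code: it picks recovery-password protectors by `KeyProtectorType` instead of by array position, covers every volume, and writes the CSV to a folder readable only by SYSTEM and Administrators. The `$EscrowDir` path and the `Get-RecoveryProtector` function name are assumptions made for this example.

```powershell
# Added example: select recovery-password protectors by type, not by position.
# $EscrowDir is a hypothetical location chosen for this example.
$EscrowDir = Join-Path $env:ProgramData 'BitLockerEscrow'

function Get-RecoveryProtector {
    # Returns one row per RecoveryPassword protector on every BitLocker volume.
    param([object[]]$Volume = (Get-BitLockerVolume))
    foreach ($V in $Volume) {
        $V.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer         = $env:COMPUTERNAME
                    MountPoint       = $V.MountPoint
                    KeyProtectorId   = $_.KeyProtectorId
                    RecoveryPassword = $_.RecoveryPassword
                }
            }
    }
}

$Rows = @(Get-RecoveryProtector)
if ($Rows.Count -eq 0) {
    # Volumes protected only by TPM (or not encrypted) have nothing to escrow.
    Write-Output "No RecoveryPassword protector found on $env:COMPUTERNAME"
    exit 1
}

# Create the folder and lock it down before any key material is written:
# drop inherited ACEs, then grant full control to SYSTEM (S-1-5-18) and
# the local Administrators group (S-1-5-32-544).
New-Item -ItemType Directory -Path $EscrowDir -Force | Out-Null
icacls $EscrowDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not restrict ACL on $EscrowDir" }

$Rows | Export-Csv (Join-Path $EscrowDir "$($env:COMPUTERNAME)_Keys.csv") -NoTypeInformation

# Emit only the non-secret identifiers; anything written to output may be logged.
$Rows | Select-Object Computer, MountPoint, KeyProtectorId
```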


Thanks for sharing @cfrieberg! I added in the code block formatting to your post - let me know if that looks like it kept the right indenting. For the code blocks, you just have to put ``` on the line above and below the code.

thanks Nic!

testing testing 123

Oh look at that.

The code block feature is pretty nice. Not only does it preserve formatting, but it autodetects what programming language you are using and does color labels accordingly.

Yea, that’s pretty slick!

Thanks for sharing! This is awesome and something I’ve seen a lot of people ask for.

Wasn’t sure how to edit my original post.


Just following up since I noticed output from this worklet also being stored in Automox Activity Log.


Interesting.


If you click the little pencil icon in the bottom left of your post you can edit it.

It’ll store in the log whatever message you return in the code. That does make it easier to have in one place to collect than gathering a bunch of CSV files from each endpoint.

I’m blind…


It might be because I have the permissions locked down on submitting posts to the Worklet section - they have to get approved so that we can review the code first. Normally it will let you edit your post, but in this case it would let someone replace the code they originally posted with something potentially malicious or broken. Just send me your edits and I can replace the code for you.

How was this implemented into the existing BitLocker script that Automox has provided on these forums? Did you just add it into the Remediation code?

Yes - added to rc

Well, sorry to dig up an old thread. Wondering if there’s a way to store the keys in the device tags in Automox, rather than a .csv on the machine.

This may be useful to you. Worklet: Install BitLocker and store keys in device tag - #23 by vukko


That is to install BitLocker and store the keys, but down in the comments there is a rough script for just grabbing keys and storing them in device tags.

Thanks for the pointer!