Bitlocker script

So I am trying to combine the script to enable BitLocker and to put the keys in the field for BitLocker. It puts the key in, followed by a space and what looks to be another BitLocker key. Like this. Any ideas? The script is below.

681494-452694-589611-375661-634293-513139-189442-411664 010483-243672-185548-640453-621313-221254-126742-185801

681494-452694-589611-375661-634293-513139-189442-411664 ← actual key

010483-243672-185548-640453-621313-221254-126742-185801


```powershell
# Created by Jeremy McMahan, McMahan TECH LLC. ==
# With help from a couple of online articles ==
# I forgot to document. ==
#
# Actions to ready this script: ==
# 1. Replace the subdomain PLACEHOLDER with yours. ==

[string] $OSDrive = $env:SystemDrive

Import-Module $env:SyncroModule

try {
    $ErrorActionPreference = "stop"

    # Enable Bitlocker using TPM
    Enable-BitLocker -MountPoint $OSDrive -UsedSpaceOnly -TpmProtector -ErrorAction Continue
    Enable-BitLocker -MountPoint $OSDrive -UsedSpaceOnly -RecoveryPasswordProtector

    Start-Sleep -Seconds 30

    # Key protector(s) of type RecoveryPassword, and their ID(s)
    $key = (Get-BitLockerVolume -MountPoint $OSDrive).KeyProtector | ? { $_.KeyProtectorType -eq 'RecoveryPassword' }
    $kpi = [String]$key.KeyProtectorId

    # Reads .recoverypassword across every key protector on the volume, not just $key
    $realkey = (Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword

    [string] $textc = (Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword

    write-host "textc is $textc"

    write-host "realkey is $realkey"

    #BackupToAAD-BitLockerKeyProtector -MountPoint $OSDrive -KeyProtectorId $kpi

    #Set-Asset-Field -Subdomain "mysubdomain" -Name "Bitlocker_Key_C" -Value $kpi
    Set-Asset-Field -Subdomain "mysubdomain" -Name "Bitlocker_Key_C" -Value $realkey
}
catch {
    Write-Host "Error while setting up AAD Bitlocker, make sure that you are AAD joined and are running the cmdlet as an admin: $_"
    Create-Syncro-Ticket -Subdomain "mysubdomain" -Subject "BitLocker Deployment Issue" -IssueType "PC Issue" -Status "New"
}
```

Some volumes have more than one key. Also, if there is more than one BitLocker-protected drive on the system stores it.

However, this looks like an old version of the code. Here’s an updated version that stores when the key was stored, the drive letter and the ID as well as the key:

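An added example, not the updated script referenced in the reply above and not Syncro's own code: it reads each RecoveryPassword protector separately, so a volume with several protectors yields labelled entries instead of one space-joined string. `Get-RecoveryPasswordRecord` and the entry format are assumptions; `Set-Asset-Field`, the subdomain and the field name are taken from the question's script.

```powershell
# Added example. Run elevated; uses the built-in BitLocker module.
# Get-RecoveryPasswordRecord is a hypothetical helper name.
function Get-RecoveryPasswordRecord {
    param(
        # Volumes to inspect; defaults to every BitLocker volume on the machine.
        [object[]] $Volume = (Get-BitLockerVolume)
    )
    foreach ($vol in $Volume) {
        # Filter per protector. TPM protectors carry no recovery password, and a
        # volume can hold several RecoveryPassword protectors at once.
        $vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object {
                [pscustomobject]@{
                    Drive            = $vol.MountPoint
                    KeyProtectorId   = $_.KeyProtectorId
                    RecoveryPassword = $_.RecoveryPassword
                    Collected        = (Get-Date).ToString('s')
                }
            }
    }
}

$records = @(Get-RecoveryPasswordRecord)
if ($records.Count -eq 0) {
    Write-Warning 'No RecoveryPassword protectors found; nothing stored.'
    return
}

# Flag drives with more than one recovery password so extra protectors get reviewed.
$records | Group-Object Drive | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning "$($_.Count) recovery passwords on $($_.Name)"
}

# One labelled entry per protector (format is an assumption, not Syncro's).
# The passwords are not echoed with Write-Host, so they stay out of script output.
$fieldValue = ($records | ForEach-Object {
    '{0} {1} {2} ({3})' -f $_.Drive, $_.KeyProtectorId, $_.RecoveryPassword, $_.Collected
}) -join '; '

# Cmdlet, subdomain and field name as used in the question's script.
Import-Module $env:SyncroModule
Set-Asset-Field -Subdomain 'mysubdomain' -Name 'Bitlocker_Key_C' -Value $fieldValue
```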

Works like a charm. Thanks so much


Also, do you see any issue with running this on a computer that already has bitlocker enabled?

I wouldn’t run it twice…

I do have this code for just retrieving BitLocker data I’d use instead:


Can you post these again, please? Both links are dead.