Bitlocker script

rickbergami · May 21, 2022, 1:03am

So I am trying to combine the script to enable bitlocker and to put the keys in field for bitlocker. It puts the key in, followed by a space and what looks like to be another bitlocker key. Like this. Any ideas? The script is below

681494-452694-589611-375661-634293-513139-189442-411664 010483-243672-185548-640453-621313-221254-126742-185801

681494-452694-589611-375661-634293-513139-189442-411664 ← actual key010483-243672-185548-640453-621313-221254-126742-185801

=======================================================

Created by Jeremy McMahan, McMahan TECH LLC. ==

With help from a couple of online articles ==

I forgot to document. ==

=======================================================

Actions to ready this script: ==

1. Replace the subdomain PLACEHOLDER with yours. ==

=======================================================

[cmdletbinding()]
param(
[Parameter()]
[ValidateNotNullOrEmpty()]
[string] $OSDrive = $env:SystemDrive
)

Import-Module $env:SyncroModule

try {
$ErrorActionPreference = “stop”

Enable Bitlocker using TPM

Enable-BitLocker -MountPoint $OSDrive -UsedSpaceOnly -TpmProtector -ErrorAction Continue
Enable-BitLocker -MountPoint $OSDrive -UsedSpaceOnly -RecoveryPasswordProtector

Start-Sleep -Seconds 30

$key = (Get-BitLockerVolume -MountPoint $OSDrive).KeyProtector|?{$_.KeyProtectorType -eq ‘RecoveryPassword’}
$kpi = [String]$key.KeyProtectorId
$realkey = (Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword

[string] $textc = (Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword

write-host “textc is $textc”

write-host “realkey is $realkey”

#BackupToAAD-BitLockerKeyProtector -MountPoint $OSDrive -KeyProtectorId $kpi

#Set-Asset-Field -Subdomain “mysubdomain” -Name “Bitlocker_Key_C” -Value $kpi
Set-Asset-Field -Subdomain “mysubdomain” -Name “Bitlocker_Key_C” -Value $realkey

Write-Host

}

catch {
Write-Host “Error while setting up AAD Bitlocker, make sure that you are AAD joined and are running the cmdlet as an admin: $_”
Create-Syncro-Ticket -Subdomain “mysubdomain” -Subject “BitLocker Deployment Issue” -IssueType “PC Issue” -Status “New”
}

jeremy · May 21, 2022, 1:47am

Some volumes have more than one key. Also, if there is more than one BitLocker-protected drive on the system stores it.

However, this looks like an old version of the code. Here’s an updated version that stores when the key was stored, the drive letter and the ID as well as the key: https://pastebin.com/xH4VC1ZG

rickbergami · May 21, 2022, 6:45pm

Works like a charm. Thanks so much

rickbergami · May 21, 2022, 6:58pm

Also, do you see any issue with running this on a computer that already has bitlocker enabled?

jeremy · May 24, 2022, 2:45am

I wouldn’t run it twice…

I do have this code for just retrieving BitLocker data I’d use instead: https://pastebin.com/jfdzwcVR

akdogan.bugra · December 26, 2022, 8:54am

Can you post these again please both links are dead

Topic		Replies	Views
Get BitLocker Keys and store them against the asset Other	7	3056	March 13, 2023
Remotely Encrypting and Locking Laptops for Rogue Employees Other	10	2054	April 20, 2022
"Access is Denied" When Running Script as System in Syncro scripting	3	233	June 8, 2024
Script History Report	12	1281	June 26, 2024
Get Anydesk ID Script Other scripting	5	858	October 26, 2022

Bitlocker script

=======================================================

Created by Jeremy McMahan, McMahan TECH LLC. ==

With help from a couple of online articles ==

I forgot to document. ==

=======================================================

Actions to ready this script: ==

1. Replace the subdomain PLACEHOLDER with yours. ==

=======================================================

Enable Bitlocker using TPM

write-host “textc is $textc”

write-host “realkey is $realkey”

Related Topics