We find this very useful, as we don't have to refer to AD for recovery keys each time a customer gets locked out.
#TODO - MAKE SURE YOU SET UP AN ASSET CUSTOM FIELD CALLED "Bitlocker_Key_<drive>" for each drive, as a "Text Field", on your
# Syncro Device asset type. Assets -> Manage Types -> Syncro Device -> New Field
# Based on the Syncro Staff product keys script.
#TODO Script - check whether the drive is encrypted by TPM only and has no Recovery password, and record that in Syncro
Import-Module $env:SyncroModule
# Make sure the working folder C:\Temp exists, then switch into it.
# NOTE(review): a folder created directly under C:\ inherits the drive root's
# permissions, which on a default Windows install are presumably readable by
# standard users - confirm, and treat anything written here as visible to
# other local accounts unless the ACL is tightened.
$tempFolderExists = Test-Path -Path C:\Temp
if (-not $tempFolderExists) {
    Set-Location -Path C:\
    New-Item -Name temp -ItemType Directory
}
# Work from C:\Temp for the remainder of the script.
Set-Location -Path C:\Temp
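# Drive C: - records whether BitLocker protection is on and, when it is,
# copies the recovery password(s) to Syncro.
# Requires the asset custom fields "Bitlocker_Enabled_C" and "Bitlocker_Key_C".
if (Test-Path -Path C:) {
    $BLinfoC = Get-BitLockerVolume -MountPoint "C:"
    if ($BLinfoC.ProtectionStatus -eq 'On') {
        Set-Asset-Field -Subdomain "alamo" -Name "Bitlocker_Enabled_C" -Value "BitLocker is enabled"

        # Read the recovery password straight from the key-protector objects
        # and keep it in memory only. Staging it in a text file under C:\Temp
        # leaves a plaintext copy that other local accounts may be able to
        # read and that can remain recoverable from disk after deletion.
        $recoveryC = @($BLinfoC.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object { $_.RecoveryPassword })

        if ($recoveryC.Count -gt 0) {
            # One password per line when the volume has several protectors.
            [string] $textC = $recoveryC -join "`r`n"
        } else {
            # TPM-only (or otherwise password-less) volume: say so explicitly
            # rather than storing a blank value in the asset field.
            [string] $textC = "No recovery password protector found"
        }

        # Do not echo $textC: script output may be captured in run logs.
        Set-Asset-Field -Subdomain "alamo" -Name "Bitlocker_Key_C" -Value $textC
    } else {
        # NOTE(review): ProtectionStatus is also Off while protection is
        # suspended, so an encrypted volume can land here - confirm that
        # skipping the key upload in that state is intended.
        Set-Asset-Field -Subdomain "alamo" -Name "Bitlocker_Enabled_C" -Value "BitLocker is NOT enabled"
    }
}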
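# Drive D: - when BitLocker protection is on, copies the recovery password(s)
# to the Syncro asset custom field "Bitlocker_Key_D".
if (Test-Path -Path D:) {
    $BLinfoD = Get-BitLockerVolume -MountPoint "D:"
    if ($BLinfoD.ProtectionStatus -eq 'On') {
        # Read the recovery password straight from the key-protector objects
        # and keep it in memory only. Staging it in a text file under C:\Temp
        # leaves a plaintext copy that other local accounts may be able to
        # read and that can remain recoverable from disk after deletion.
        $recoveryD = @($BLinfoD.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object { $_.RecoveryPassword })

        if ($recoveryD.Count -gt 0) {
            # One password per line when the volume has several protectors.
            [string] $textD = $recoveryD -join "`r`n"
        } else {
            # No recovery-password protector on this volume: say so explicitly
            # rather than storing a blank value in the asset field.
            [string] $textD = "No recovery password protector found"
        }

        # Do not echo $textD: script output may be captured in run logs.
        Set-Asset-Field -Subdomain "alamo" -Name "Bitlocker_Key_D" -Value $textD
    }
}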
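# Drive E: - when BitLocker protection is on, copies the recovery password(s)
# to the Syncro asset custom field "Bitlocker_Key_E".
if (Test-Path -Path E:) {
    $BLinfoE = Get-BitLockerVolume -MountPoint "E:"
    if ($BLinfoE.ProtectionStatus -eq 'On') {
        # Read the recovery password straight from the key-protector objects
        # and keep it in memory only. Staging it in a text file under C:\Temp
        # leaves a plaintext copy that other local accounts may be able to
        # read and that can remain recoverable from disk after deletion.
        $recoveryE = @($BLinfoE.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object { $_.RecoveryPassword })

        if ($recoveryE.Count -gt 0) {
            # One password per line when the volume has several protectors.
            [string] $textE = $recoveryE -join "`r`n"
        } else {
            # No recovery-password protector on this volume: say so explicitly
            # rather than storing a blank value in the asset field.
            [string] $textE = "No recovery password protector found"
        }

        # Do not echo $textE (no Write-Host of the key): script output may be
        # captured in run logs.
        # -Subdomain is passed here as well, matching the C: and D: calls.
        Set-Asset-Field -Subdomain "alamo" -Name "Bitlocker_Key_E" -Value $textE
    }
}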