Kaseya Community

Bit Locker Query

This question is not answered

This may be something which has been brought up before but I couldn't locate it in another discussion.

I'm curious: is it possible to retrieve a BitLocker recovery key from a PC out in the field through Kaseya?

Not to test if it's encrypted or if the PC has TPM enabled, but to save the recovery key / text file.

Verified Answer
  • I have set up 2 scripts for BitLocker. There is a script which posts the BitLocker status to custom fields on the agent. For this script to work you need the custom fields 'Bitlocker Enabled', 'Bitlocker Status' and 'Bitlocker encryption Percentage'. These are custom fields so you can use them for reporting or just in a created view on the agent status page. :)

    Another script is to get the BitLocker key and write this key to a file on the Kaseya server in a file 'bitlocker.key'.

    5621.get Bitlocker key.xml
    8880.Bitlocker Status.xml

All Replies
  • Could do something like this in an executeShellCommandToVariable() step. Then put the variable in a custom field with updateSystemInfo().

    C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -NoLogo -ExecutionPolicy Bypass -Command "$RecoveryKey = manage-bde -protectors C: -get | findstr /R /C:\"......-......-\"; $RecoveryKey.Trim();"

  • I have some scripts which execute the BitLocker PowerShell commands to get the BitLocker status and recovery key to my kserver.

    If you know the BitLocker PowerShell commands, it's easy to set up.

    Use this PowerShell to start:

    (get-bitlockervolume -mountpoint c).keyprotector

  • Hi Tjibbe, this looks pretty interesting. What other commands are you using?

  • Can you please share the script? I really would like to set up Kaseya to retrieve BitLocker status and recovery key. Thanks in advance.

  • I use a PowerShell script to retrieve the results of the "manage-bde -status" command and parse the text to determine (a) the status of BitLocker (disabled, enabled, etc) which is populated into a custom Agent field and (b) retrieve the recovery key, which is populated into a second custom field.  I run the script weekly and generate a report monthly for NOC techs to review for anomalies.  I also retrieve the key from AD for domain-joined PCs and my report confirms they match.

  • Do you have a script to share? We are trying to use the Get-Bitlocker one but Windows 7 PowerShell is not recognizing the command.
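
The manage-bde parsing approach described in the replies above, as an added example that is not any poster's script and not Kaseya's own code. It sticks to PowerShell 2.0 syntax and calls manage-bde.exe rather than Get-BitLockerVolume; the function names and the sample output are constructed for illustration, and English-language manage-bde output is assumed.

```powershell
# Added example, not from the thread. Assumes English manage-bde labels;
# the recovery-password pattern itself does not depend on the display language.

function ConvertFrom-BdeStatus([string[]]$Lines) {
    # Collect the three status fields the thread stores in agent custom fields.
    $result = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(Conversion Status|Percentage Encrypted|Protection Status):\s*(.+?)\s*$') {
            $result[$Matches[1]] = $Matches[2]
        }
    }
    return $result
}

function Get-BdeRecoveryPassword([string[]]$Lines) {
    # A recovery password is eight groups of six digits. Matching the whole
    # value keeps protector IDs (GUIDs) and PCR lists out of the result.
    foreach ($line in $Lines) {
        if ($line -match '(?<!\d)\d{6}(-\d{6}){7}(?!\d)') { $Matches[0] }
    }
}

# Constructed sample output (not a real key), used when manage-bde is absent.
$sampleStatus = @(
    'Volume C: [OSDisk]',
    '    Conversion Status:    Fully Encrypted',
    '    Percentage Encrypted: 100.0%',
    '    Protection Status:    Protection On'
)
$sampleProtectors = @(
    '    Numerical Password:',
    '      ID: {00000000-0000-0000-0000-000000000000}',
    '      Password:',
    '        111111-222222-333333-444444-555555-666666-777777-888888'
)

if (Get-Command manage-bde.exe -ErrorAction SilentlyContinue) {
    $statusLines    = manage-bde.exe -status C:          # needs elevation
    $protectorLines = manage-bde.exe -protectors -get C:
} else {
    $statusLines    = $sampleStatus
    $protectorLines = $sampleProtectors
}

$status = ConvertFrom-BdeStatus $statusLines
$keys   = @(Get-BdeRecoveryPassword $protectorLines)

"Status: {0} / {1} / {2}" -f $status['Conversion Status'], $status['Percentage Encrypted'], $status['Protection Status']
"Recovery passwords found: {0}" -f $keys.Count   # report the count, not the secret
```

The values in `$keys` unlock the drive, so whatever step stores them (a custom field, or a file such as 'bitlocker.key' on the server) should be readable only by the technicians who need it.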