Bitlocker management

This topic contains 3 replies, has 2 voices, and was last updated by  z442a9 1 week, 3 days ago.

  • Author
    Posts
  • #83894

    z442a9
    Participant

    I'm trying to build a script that can backup Bitlocker recovery keys from all Bitlocker protected volumes that the computer might have. I have been scratching my head with this.

    This one works for OS drive in my test machine but fails to backup my data drive D recovery password to AD.

    Get-BitLockerVolume | ForEach-Object {Backup-BitLockerKeyProtector -MountPoint $.MountPoint -KeyProtectorId $.KeyProtector[1].KeyProtectorId}

    I noticed that the problem is this part: $.KeyProtector[1]

    When I run Get-BitlockerVolume I can see that the KeyProtector property looks like this below. So the RecoveryPassword is stored in array index [0] for drive D and for [1] in drive C.

    VolumeType Mount CapacityGB VolumeStatus Encryption KeyProtector AutoUnlock Protection
    Point Percentage Enabled Status
    ———- —– ———- ———— ———- ———— ———- ———-
    OperatingSystem C: 126,40 FullyEncrypted 100 {Tpm, RecoveryPassword} On
    Data D: 126,87 FullyEncrypted 100 {RecoveryPassword, Ext... True On

    Question is how the heck I can modify my code to get all RecoveryPasswords from all possible Bitlocker protected drives that the computer might have?

  • #83908

    Pradeep Arora
    Participant

    error maybe, you need: $_. instead of $.

    • #83911

      z442a9
      Participant

      True but that was only a typo when copying code here

  • #83951

    z442a9
    Participant

    I was able to get it working as I want. Now it will backup every Bitlocker Recovery Key to AD. Any ideas how to optimize the code to even better?

    $BLVS = Get-BitLockerVolume | Where-Object {$_.KeyProtector | Where-Object {$_.KeyProtectorType -eq 'RecoveryPassword'}} 
    
    If ($BLV) {
        
        ForEach ($BLV in $BLVS) {
    
            $Key = $BLV | Select-Object -ExpandProperty KeyProtector | Where-Object {$_.KeyProtectorType -eq 'RecoveryPassword'}
    
            Backup-BitLockerKeyProtector -MountPoint $BLV.MountPoint -KeyProtectorID $Key.KeyProtectorId 
        }
    
    }
    
    Else {
    
        Write-Host "Nothing to backup" -ForegroundColor Magenta 
    }
    
    

You must be logged in to reply to this topic.