Category filter

Script to fetch BitLocker Recovery key on Windows devices

BitLocker is a built-in full volume encryption tool in Windows devices introduced by Microsoft to enhance security by enforcing encryption for system drives, fixed data drives and removable data drives. It prevents unauthorized access of corporate data on lost or stolen Windows devices by encrypting the system volume on the hard disk. The BitLocker recovery key is a 48-digit numerical password that can be used to unlock your Windows device in case the user forgets the device password.

Hexnode allows you to escrow the recovery key in the UEM console when you enable BitLocker via the UEM console. The recovery key will not get escrowed in the UEM console if BitLocker is manually enabled on the device and not via policies. However, Hexnode UEM lets you execute custom scripts on your Windows devices to fetch the recovery key of devices on which BitLocker has been manually enabled.

Disclaimer:

The Sample Scripts provided below are adapted from third-party Open-Source sites.

Fetch BitLocker Recovery key

$bitlockerDetails = Get-BitLockerVolume 
Foreach($drive in $bitlockerDetails) 
{ 
$drive.MountPoint + $bitlockerDetails.KeyProtector.RecoveryPassword 
}

$bitlockerDetails = Get-BitLockerVolume

Foreach($drive in $bitlockerDetails)

{

$drive.MountPoint + $bitlockerDetails.KeyProtector.RecoveryPassword

}

The script produces an output that displays the recovery key of the system, fixed and removable drives individually. You can easily copy the corresponding recovery keys and store them in a safe location.

Notes:

It is recommended to manually validate the script execution on a system before executing the action in bulk.
Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.

Need more help?

Raise a Ticket

Ask Community

Chat With us