Bitlock windows 1 772x408

Get Bitlocker Status and Decrypt Key

Bitlocker Status & Key Retrieval

Description

This script will check the status of Bitlocker on the C:\ Drive of the machine and return it's status as well as the decrypt key to a custom field if enabled.

Developer
  • Name: Jay Jansen
  • Company: Thrive Networks
  • Website: http://www.thrivenetworks.com
  • Contact Developer
  • Summary
  • Get Bitlocker Status and Decrypt Key
  • 776 Downloads
  • Version:
  • Released on May 9th, 2018
  • Reviews
    Gravatar for Matthew Sheehan
    by Matthew Sheehan on October 11th, 2019

    This was an excellent and easy to use procedure. It seemed to work well for me and I now have a quick way to asses clients for this information.

    Gravatar for Dan Neuwirth
    by Dan Neuwirth on September 21st, 2018

    Worked beautifully for me. The hardest thing was trying to figure out how to add a custom field into Kaseya, but once I found it (Audit -> Machine Summary -> [New Custom Field]) and added the custom field everything worked flawlessly the first pass. Launched the script on approximately 1100 managed systems and within 5 minutes I had the Bitlocker status and keys for every single desktop/laptop node. Excellent. Now we no longer have to track all my client's nodes BitLocker keys in separate files for each client.

    Discussion
    Gravatar for Norberto
    Norberto over 2 years ago

    Need help with this.

    I receive this error:

    script summary: Failed THEN in step 2 (Line2)

    Gravatar for Oliver Heymanns
    Oliver Heymanns over 2 years ago

    Hi Noberto, you have to edit the procedure, line 2 you can choose which field to update......now iam stuck in line 3 "Failed Then in step 3

    Gravatar for Wynema Ware
    Wynema Ware over 2 years ago

    Any luck with Failed then in step 3?

    Gravatar for Craig Dean
    Craig Dean about 2 years ago

    Anyone got any instructions on this, I'm struggling too. 

    Gravatar for John Rutkowski
    John Rutkowski about 2 years ago

    i had no trouble. followed the instructions, works great.

    Gravatar for Dan Neuwirth
    Dan Neuwirth about 2 years ago

    Worked beautifully for me.  The hardest thing was trying to figure out how to add a custom field into Kaseya, but once I found it (Audit -> Machine Summary -> [New Custom Field]) and added the custom field everything worked flawlessly the first pass.  Launched the script on approximately 1100 managed systems and within 5 minutes I had the Bitlocker status and keys for every single desktop/laptop node.  Excellent.

    Gravatar for Onno de Vries
    Onno de Vries almost 2 years ago

    Hello Cliff,

    Please tell me, what the interface shows as error (line number and Agent Procedure Log information),  and as you recon it's the changed manage-bde command, please also run this command in Powershell "(Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword" on a station of which you know is encrypted with bitlocker and feed me the result of it (keeping in mind to not send any sensitive data, replacing the key with X's for instance)?

    Regards,

    Onno

    Gravatar for Dusty Frey
    Dusty Frey over 1 year ago

    Works great, thank you.

    Gravatar for KaseyaUser
    KaseyaUser about 1 year ago

    I got the error on line 3 as well.  

    I solved it by replacing C:\temp in the script with the Kaseya temp directory variable: #vAgentConfiguration.agentTempDir#

    I found the variable file access errors by looking in the Agent Procedure log:
    Agent > Agent Logs > Agent Admin Logs tab > Agent sub-tab.

    I didn't want to have the change C:\temp permissions for all computers like shown below, that why I used the Kaseya system temp directory variable.

    https://helpdesk.kaseya.com/hc/en-gb/articles/229038408-Why-is-the-Agent-Set-Credential-test-having-troubleshooting-failures-


    Gravatar for Rey Marquez
    Rey Marquez 7 months ago

    For failure in Step 2, your custom field string has to have the colon. If you look at the script, it looks for the string within the quotes.

    Incorrect: Bitlocker Status

    Correct: Bitlocker Status:

    You can either update your custom field or you can edit the script to remove the colon. I didn't try the latter, but it should work. Kaseya won't show the extra colon in the audit menu so no concern over having a double colon display.

    Gravatar for Arman Qalhashahi
    Arman Qalhashahi about 2 months ago

    How can I add a custom field for EncryptionMethod?  

    Gravatar for Jake Nichols
    Jake Nichols about 2 months ago

    @Arman 
    Depending on what you are trying to capture you could use powershell to pipe the result you want to a custom field. 

    Gravatar for Jake Nichols
    Jake Nichols about 2 months ago

    @Arman

    (Get-BitLockerVolume -MountPoint C).EncryptionMethod

    Gravatar for Niels O
    Niels O about 1 month ago

    It has always worked for me, but now I can't get the key/status and the Bitlocker is really on....also there are no fault codes it just says done.

    Gravatar for John Rutkowski
    John Rutkowski about 1 month ago

    I'd like to see a version of this that sets the PIN code, so people know the drive is encrypted.

    Gravatar for Mike Stanley
    Mike Stanley about 1 month ago

    please tell me, what the interface shows as error (line number and Agent Procedure Log information),  and as you recon it's the changed manage-bde command, please also run this command in Powershell "(Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword" on a station

    Gravatar for Mike Stanley
    Mike Stanley 29 days ago

    please tell me, what the interface shows as error (line number and Agent Procedure Log information),  and as you recon it's the changed manage-bde command, please also run this command in Powershell "(Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword" on a station bluestacks download omegle.