Bitlockeragentprocedure

BitLocker Detection and Recovery Key Retrieval

Detect encrypted drives and get the key

Description

This agent procedure checks the C drive to see if it is encrypted using BitLocker and extract the BitLocker Recovery key then document the results to the asset, in the Audit module. This uses Custom Fields in VSA allowing you to create Views, Report on it, or even use the View in a Policy.

If you want to check other drives, you just need to edit the PowerShell command in the Agent Procedure to check a different disk.

This agent procedure is the latest version that performs some error checking before entering the result in the custom field. It checks for the presence of the BitLocker feature as the previous version wasn’t accurate in these cases.

Developer
  • Name: Sidney Sahdala
  • Company: Kaseya
  • Website: http://www.kaseya.com
  • Contact Developer
  • Summary
  • BitLocker Detection and Recovery Key Retrieval
  • 414 Downloads
  • Version: 2.0
  • Initially Released September 5th, 2019
  • Discussion
    Gravatar for Rob S
    Rob S about 2 months ago

    This works, but the temporary text file that's created doesn't get deleted. Can that be fixed?

    Gravatar for Jeff Lorenzen
    Jeff Lorenzen about 2 months ago

    @Rob S, just add a line in your procedure to delete the temporary file after it's been read into the custom field.  

    Gravatar for David Perhacs
    David Perhacs about 2 months ago

    Jeff is correct. I had taken it out of the original script for testing purposes and never put it back.

    Gravatar for Rob S
    Rob S about 2 months ago

    Actually, the line is there, but it doesn't seem to work? (or at least it's not doing what it should).

    Gravatar for Rob S
    Rob S about 2 months ago

    I figured it out - the line was there, but was just disabled (didn't realise that was a thing!) - but all now working as expected. Thanks!