Script to fetch BitLocker Recovery key on Windows devices
BitLocker is the full volume encryption tool that Microsoft builds into Windows. It enhances security by enforcing encryption for system drives, fixed data drives and removable data drives, and it prevents unauthorized access to corporate data on lost or stolen Windows devices by encrypting the system volume on the hard disk. The BitLocker recovery key is a 48-digit numerical password that can be used to unlock your Windows device in case the user forgets the device password.
Hexnode escrows the recovery key in the UEM console when you enable BitLocker via the UEM console. The recovery key is not escrowed if BitLocker is enabled manually on the device rather than through policies. However, Hexnode UEM lets you execute custom scripts on your Windows devices to fetch the recovery key of devices on which BitLocker has been manually enabled.
Fetch BitLocker Recovery key
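    # Get every BitLocker volume on the device (run with administrator rights)
    $bitlockerDetails = Get-BitLockerVolume
    foreach ($drive in $bitlockerDetails) {
        # Read the current drive's own protectors, not those of every volume
        $recoveryPassword = ($drive.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }).RecoveryPassword
        $drive.MountPoint + " " + $recoveryPassword
    }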
The script produces an output that displays the recovery key of the system, fixed and removable drives individually. You can easily copy the corresponding recovery keys and store them in a safe location.
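The following is an added example, not Hexnode's own script: it reports each volume's recovery password together with its key protector ID (the identifier the BitLocker recovery screen shows, so the right key can be matched to the right drive) and flags volumes that have no recovery password protector at all. The function name `Get-RecoveryKeyInventory` and the `Note` field are illustrative assumptions; the cmdlet and property names are those of the built-in BitLocker module.

```powershell
# Added example (not from the original page): per-volume inventory of
# BitLocker recovery password protectors. Run from an elevated session,
# because Get-BitLockerVolume requires administrator rights.
function Get-RecoveryKeyInventory {
    param(
        # Volumes to inspect; defaults to every BitLocker volume on the device.
        [object[]]$Volume = (Get-BitLockerVolume)
    )

    foreach ($vol in $Volume) {
        # A volume can carry several protectors (TPM, password, recovery
        # password, ...). Only 'RecoveryPassword' holds the 48-digit key.
        $protectors = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        if ($protectors.Count -eq 0) {
            # Nothing to escrow for this volume: report the gap explicitly
            # instead of printing an empty line.
            [pscustomobject]@{
                MountPoint       = $vol.MountPoint
                VolumeType       = $vol.VolumeType
                ProtectionStatus = $vol.ProtectionStatus
                KeyProtectorId   = $null
                RecoveryPassword = $null
                Note             = 'No recovery password protector'
            }
            continue
        }

        # Emit one record per recovery password, since a volume may have
        # more than one and each has its own protector ID.
        foreach ($p in $protectors) {
            [pscustomobject]@{
                MountPoint       = $vol.MountPoint
                VolumeType       = $vol.VolumeType
                ProtectionStatus = $vol.ProtectionStatus
                KeyProtectorId   = $p.KeyProtectorId
                RecoveryPassword = $p.RecoveryPassword
                Note             = ''
            }
        }
    }
}

# Format-List keeps the full 48-digit key from being truncated in the output.
Get-RecoveryKeyInventory | Format-List
```

The recovery passwords appear in plain text in the script output, so whoever can read that output can unlock the listed drives.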