
BitLocker Status | Recovery Key

I had to create a script to get the BitLocker status and the recovery key of bulk machines, and I have come up with this script.

Get the STATUS of Encryption
#Check the Encryption Status of the C: drive, filter to the Conversion Status line

$EncryptionStatus = (manage-bde -status  C: | where {$_ -match 'Conversion Status'})

#Check a status was returned.
if ($EncryptionStatus)
    {
      #Status was returned, tidy up the formatting
      $EncryptionStatus = $EncryptionStatus.Split(":")[1].trim()
    }
else
    {
      #Status was not returned. Explain why in the output
      $EncryptionStatus="Not Found On Network (or access denied)"
    }


#call the encryption status to get the value
$EncryptionStatus


Get the Recovery Key

# Export the BitLocker recovery keys for all drives and display them at the Command Prompt.
$BitlockerVolumes = Get-BitLockerVolume
$BitlockerVolumes |
ForEach-Object {
    $MountPoint = $_.MountPoint
    # Keep only RecoveryPassword protectors; other protector types (e.g. TPM) have no recovery password
    $RecoveryKey = [string]($_.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }).RecoveryPassword
    if ($RecoveryKey.Length -gt 5) {
        Write-Output ("The drive $MountPoint has a BitLocker recovery key $RecoveryKey.")
    }
}

You can use this script with SCCM: create a device collection and add the devices to it in bulk. Then right-click the device collection and click Run Script, choose the script you created, and click Next. You will see the end result as in these screenshots.
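
A combined version of the two scripts above, as an added example that is not the author's code: it reads the status from Get-BitLockerVolume instead of parsing manage-bde text and returns one object per volume. The recovery password is left out unless requested, because whatever the script prints is kept with the script results; the function name Get-BitLockerReport and its -IncludeRecoveryPassword switch are hypothetical.

```powershell
# Added example: one object per volume, combining status and recovery-protector details.
function Get-BitLockerReport {
    [CmdletBinding()]
    param(
        # Hypothetical switch: recovery passwords are omitted unless this is set
        [switch]$IncludeRecoveryPassword
    )

    try {
        $volumes = Get-BitLockerVolume -ErrorAction Stop
    }
    catch {
        # Module missing, session not elevated, or BitLocker not available on this machine
        Write-Output "BitLocker status unavailable on $env:COMPUTERNAME : $($_.Exception.Message)"
        return
    }

    foreach ($volume in $volumes) {
        # Only RecoveryPassword protectors carry a recovery password
        $recovery = @($volume.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        $report = [ordered]@{
            ComputerName         = $env:COMPUTERNAME
            MountPoint           = $volume.MountPoint
            VolumeStatus         = [string]$volume.VolumeStatus
            ProtectionStatus     = [string]$volume.ProtectionStatus
            EncryptionPercentage = $volume.EncryptionPercentage
            HasRecoveryPassword  = ($recovery.Count -gt 0)
            RecoveryProtectorId  = ($recovery.KeyProtectorId -join ', ')
        }
        if ($IncludeRecoveryPassword) {
            # Emitted only on request so the password is not stored by default
            $report.RecoveryPassword = ($recovery.RecoveryPassword -join ', ')
        }
        [pscustomobject]$report
    }
}

# Status and protector IDs only
Get-BitLockerReport | Format-Table -AutoSize

# Same report with the recovery passwords included
# Get-BitLockerReport -IncludeRecoveryPassword | Format-List
```

A volume that is encrypted but shows HasRecoveryPassword as False has no recovery password to escrow, which the original key script would skip silently.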
