Storing the BitLocker volume keys using a Custom Field
Use a FileWave Custom Field to store the volume keys for your BitLocker volumes. This can be helpful if you don't have another way to escrow the volume keys. The Custom Field outlined in this article will get the volume key for every volume so if there is an encrypted C: and D: you would see both reported by this field.
Adding the Custom Field
- Download the following Custom Field export: BitLocker Key Custom Field.customfields
- Import the downloaded file into "FileWave Admin>Assistants>Custom Fields>Edit Custom Fields>Import".
- Save changes within Custom Fields dialog.
- Associate Custom Field with desired Windows devices via "right-click>Edit Custom Field(s) Associations".
- A Windows-based Smart Group is very helpful to quickly associate Custom Field
- Smart Group criteria: "Client OS Platform [equals] Windows"
Here is the script from the Custom Field:
# FileWave client will execute this script. The output will be used as the value of the custom field.
#
# Below is an example of how to read the value of one ENVIRONMENT VARIABLE in your script:
# $my_var = $Env:ENV_VAR_NAME
#
# Identify all the Bitlocker volumes.
$BitlockerVolumers = Get-BitLockerVolume
# For each volume, get the RecoveryPassowrd and display it.
$BitlockerVolumers |
ForEach-Object {
$MountPoint = $_.MountPoint
$RecoveryKey = [string]($_.KeyProtector).RecoveryPassword
if ($RecoveryKey.Length -gt 5) {
Write-Output ("$MountPoint,$RecoveryKey")
}
}
exit 0
Assigning the Custom Field to devices
- Save changes within Custom Fields dialog.
- Associate Custom Field with desired Windows devices via "right-click>Edit Custom Field(s) Associations".
- A Windows-based Smart Group is very helpful to quickly associate Custom Field
- Smart Group criteria: "Client OS
PlatformPlatform [equals] Windows"
- Alternatively you could assign the field to all devices since only Windows devices will run the script.