/build/static/layout/Breadcrumb_cap_w.png

Use Kace to store and retrieve Bitlocker Recovery Keys

On one of my accounts that I support I was asked about using Kace custom inventory to make Bitlocker keys accessible to Service Desk agents that are not on the domain and do not have direct access to it. For this reason, they were not able to use the default ADUC Bitlocker recovery information stores and the customer was also having issues getting the keys all stored in there as well. After much trial and error(I am rather new to Kace management) I was able to get the information stored in Kace as needed using the following CIR:

 

ShellCommandTextReturn(cmd.exe /c \"%windir%\sysnative\manage-bde.exe -protectors -get c:\")

 

I tried literally hundreds of variations before this finally started producing the results we needed. The key seems to be the quote escapes, but I am not a Kace expert yet.. So I will leave that open for debate.

Hopefully this helps someone out there as I spent much time researching, opening tickets, and breaking things to finally get it working.

 

From here we have set up a daily report that gets sent to the team leads with all stored keys and also the individual machines can be viewed on the fly as it will be stored as part of their scheduled inventory updates.


Comments

  • Yea I helped someone a couple of weeks ago with this also, the sysnative is the key since the exe is 32 bit only
    http://www.itninja.com/question/bitlocker-script - SMal.tmcc 10 years ago
  • Not sure if this will reach the original posters but I'm trying to use the command and I was able to distribute it to my systems but for some reason the CIR is not populating. You can see my post here. Any help would be greatly appreciated!

    https://www.itninja.com/question/help-with-cir-bitlocker-key - hammondj 4 years ago
This post is locked

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ