2 Replies Latest reply on May 24, 2017 5:24 AM by ldms_4mfe

    Bitlocker Recovery Key in Inventory

    ldms_4mfe Apprentice

      Hi,

       

      There is an inventory property - "Computer"."Mass Storage"."Drive Encryption"."Recovery Key"

       

      2017-05-23 18_34_57-LANDESK® Management Console.png

       

      Unfortunately, the inventory information is not populated by the inventory scanner.

      Some of the other information is collected by the scanner:

      2017-05-23 18_36_34-Inventory - wuta-edv5761.png

       

       

       

      So my question is: is there built-in support for reading out the Recovery Key into this inventory field, or do I have to run additional scripts to populate this inventory entry?

       

      Thank you, Marco

       

       

       

       


        • 1. Re: Bitlocker Recovery Key in Inventory
          five(9)s.GmbH.Support.Account Specialist

          Hi Marco,

           

           

          There is no LDMS embedded (or OOTB) way to fill in this information (in the well-prepared inventory attribute) automatically from the inventory agent.

           

          From my point of view this could be a security thing...

           

          But there are some ways to fill in or gather this information (or to get access to this information):

           

           

          One way is described here:  Script to Import Bitlocker Recovery Info and Update Computer Description in AD | Eddie Jackson 

          based on the  [  c:\windows\system32\manage-bde -protectors -get <driveletter> -type recoverypassword  ]  function.

           

          You can use also Powershell...  [   Get-BitLockerVolume | ? {$_.KeyProtector.KeyProtectorType -eq "RecoveryPassword"} | Select-Object MountPoint,@{Label='Key';Expression={"$($_.KeyProtector.RecoveryPassword)"}}   ]

          This lists all drives and their recovery keys.

           

          It is possible to create a text file and store it locally... and gather this file with the "managed software list  =>  Settings => CfgFiles" option.

          For security reasons... you can encrypt this file content... For example, you have 8 blocks of 6 numbers... you can change the order of these... and only your admin guys know the right sequence (2-3-1-5-7-6-8-4 and so on).

           

           

           

          Another way is to build a connector to your AD and view this information there (without storing this sensitive information in the LDMS database, and locally on the client in the registry and in the inventory files...).

           

           

           

          We hope this helps.

           

           

           

          Best Regards

          Markus
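
The AD-based option from the reply above, as an added example that is not part of the original posts or of LDMS: each recovery password is escrowed to AD DS with `Backup-BitLockerKeyProtector`, and only the key protector ID (which locates the key in AD but is not the key) is written to a local file that a CfgFiles-style collection could gather. The output path and record layout are assumptions, as is a domain-joined client whose Group Policy allows BitLocker recovery information to be stored in AD DS.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): report BitLocker recovery protectors for
# inventory without writing the recovery password itself to disk.
# Assumptions: domain-joined client, Group Policy allows BitLocker recovery
# information to be stored in AD DS, and $OutFile is a hypothetical path.
$OutFile = 'C:\ProgramData\BitLockerInventory\protectors.csv'

function New-InventoryRecord($Volume, $ProtectorId, $Escrowed) {
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        MountPoint       = $Volume.MountPoint
        ProtectionStatus = $Volume.ProtectionStatus
        KeyProtectorId   = $ProtectorId   # identifies the key in AD, is not the key
        EscrowedToAD     = $Escrowed
    }
}

function Get-RecoveryProtectorInventory {
    foreach ($vol in Get-BitLockerVolume) {
        $protectors = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        if ($protectors.Count -eq 0) {
            # No recovery password on this volume: report it so the gap is visible.
            New-InventoryRecord $vol '' $false
            continue
        }
        foreach ($p in $protectors) {
            $escrowed = $true
            try {
                # Escrow the recovery password to AD DS instead of a local file.
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                    -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
            } catch {
                $escrowed = $false   # e.g. policy not set or no domain controller reachable
            }
            New-InventoryRecord $vol $p.KeyProtectorId $escrowed
        }
    }
}

New-Item -ItemType Directory -Path (Split-Path -Parent $OutFile) -Force | Out-Null
Get-RecoveryProtectorInventory |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
```

Rows with an empty `KeyProtectorId` or `EscrowedToAD` set to `False` mark volumes whose recovery key could not be retrieved from AD if it were needed.
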

          • 2. Re: Bitlocker Recovery Key in Inventory
            ldms_4mfe Apprentice

            Hi Markus,

             

            Thank you very much. I just want to make sure that I do not code a part that usually should work OOTB.

             

            Thank you very much for your coding examples, this helps a lot. Especially the hint with the gather via CfgFiles.

             

            Best Regards, Marco

             

             

            also helpful:

            How to extend the Inventory Scanner capabilities