Windows - Storing the BitLocker volume keys using a Custom Field

Use a FileWave Custom Field to store the volume keys for your BitLocker volumes. This can be helpful if you don't have another way to escrow the volume keys. The Custom Field outlined in this article will get the volume key for every volume so if there is an encrypted C: and D: you would see both reported by this field. 

FileWave 13.1.0+

  1. Download the following Custom Field export.
  2. Import the downloaded file into "FileWave Admin>Assistants>Custom Fields>Edit Custom Fields>Import".
  3. Save changes within Custom Fields dialog.
  4. Associate Custom Field with desired Windows devices via "right-click>Edit Custom Field(s) Associations".
    1. A Windows-based Smart Group is very helpful to quickly associate Custom Field
    2. Smart Group criteria: "Client OS Platform [equals] Windows"

FileWave 12.7.0 - 13.0.3

  1. Create new Custom Field via "FileWave Admin>Assistants>Custom Fields>Edit Custom Fields>[+]".
  2. Change the Custom Fields to the following:
    1. Name: BitLocker Key
    2. Internal name: bitlocker_key
    3. Description: [optional]
    4. Provided By: Client Script
    5. Data Type: String
    6. Use default value: Pending...
    7. Client Script>Windows: PowerShell

  3. Copy/paste the following script into the scripting box under the Windows section:
    BitLocker Keys
    # FileWave client will execute this script. The output will be used as the value of the custom field.
    # 
    # Below is an example of how to read the value of one ENVIRONMENT VARIABLE in your script:
    
    # $my_var = $Env:ENV_VAR_NAME
    # 
    # Identify all the Bitlocker volumes.
    $BitlockerVolumers = Get-BitLockerVolume
    
    # For each volume, get the RecoveryPassowrd and display it.
    $BitlockerVolumers |
        ForEach-Object {
            $MountPoint = $_.MountPoint 
            $RecoveryKey = [string]($_.KeyProtector).RecoveryPassword       
            if ($RecoveryKey.Length -gt 5) {
                Write-Output ("$MountPoint,$RecoveryKey")
            }        
        }
    
    exit 0
  4. Save changes within Custom Fields dialog.
  5. Associate Custom Field with desired Windows devices via "right-click>Edit Custom Field(s) Associations".
    1. A Windows-based Smart Group is very helpful to quickly associate Custom Field
    2. Smart Group criteria: "Client OS Platform [equals] Windows"

Results


There is no content with the specified labels