Get BitLocker Recovery Key
  • 27 Sep 2023
  • 1 Minute to read
  • PDF

Get BitLocker Recovery Key

  • PDF

Article summary

This PowerShell script helps IT Admins to get the BitLocker Recovery key from Windows 10 and above devices.

Scalefusion retrieves the BitLocker Recovery key from the devices, however, in case the Key is not fetched, the following PowerShell script can help IT Admins quickly get the required information.

  • Create a file on your desktop, for example, get_bitlocker_recovery_password.ps1 and open it in a text editor like notepad++
  • Copy the contents below to the file or click here to download the file. 
    Shell
    $BitlockerVolumers = Get-BitLockerVolume
    $BitlockerVolumers |
    ForEach-Object {
    $MountPoint = $_.MountPoint
    $RecoveryKey = [string]($_.KeyProtector).RecoveryPassword
    if ($RecoveryKey.Length -gt 5) {
    Write-Output ("The drive $MountPoint has a recovery key $RecoveryKey.")
    }
    }

  • This is a PowerShell script that retrieves information about BitLocker-encrypted volumes and outputs the recovery key for each volume if one is available. The script does the following:
    • Retrieves a list of BitLocker-encrypted volumes using the "Get-BitLockerVolume" cmdlet.
    • Iterates over each volume in the list and retrieves the mount point and recovery key.
    • Checks if the length of the recovery key is greater than 5 characters.
    • If the recovery key is available, it outputs a message indicating the drive and its recovery key.
  • Follow our guide to upload & publish the PowerShell script using Scalefusion Dashboard.
  • Once the script is successfully executed, you will be able to see the status of the same in the View Statusreport on the Scalefusion dashboard.
    • Click on the PowerShell script and click on the View Status.
    • Executed means that the script has successfully run on the device. Click on View Output.
    • This will show the Key in a new window.
Please note that to use the PowerShell scripts, the Scalefusion MDM Agent Application must be installed on the device(s). Please follow our guide to publish and install the Scalefusion MDM Agent Application.

Notes:
  1. The scripts and their contents are sourced from various albeit authenticated Microsoft sources and forums.
  2. Please validate the scripts on a test machine before deploying them on all your managed devices.
  3. Scalefusion has tested these scripts, however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these scripts.



Was this article helpful?