BitLocker Detection and Recovery Key Retrieval 2.0

Sidney Sahdala
Sidney Sahdala Miami, FLMember, Kaseya Certified, Kaseyan, Kaseya Staff


edited May 3 in Solutions

Product Name: BitLocker Detection and Recovery Key Retrieval

Version: 2.0

Description : This agent procedure checks the C drive to see if it is encrypted using BitLocker and extract the BitLocker Recovery key then document the results to the asset, in the Audit module. This uses Custom Fields in VSA allowing you to create Views, Report on it, or even use the View in a Policy.

If you want to check other drives, you just need to edit the PowerShell command in the Agent Procedure to check a different disk.

This agent procedure is the latest version that performs some error checking before entering the result in the custom field. It checks for the presence of the BitLocker feature as the previous version wasn’t accurate in these cases.

Instructions :

This requires you to create two custom fields named BitLocker Status and BitLocker Recovery Key of type String. Once the Custom Fields are created, you can import the Agent Procedure.

You can create Custom Fields in the Audit module by going to:

VSA > Audit > View Individual Data > Machine Summary

Then import the Agent Procedure by going to:

VSA > Agent Procedures > Schedule / Create

After it has been properly imported the you just need to run this against your Windows endpoints. You can either run them manually or add it to a Policy under a schedule to run however often you want.

Documentation is included in the download.


  • Rob S
    edited February 2021

    This works, but the temporary text file that's created doesn't get deleted. Can that be fixed?

  • Jeff Lorenzen
    Jeff Lorenzen Boulder, COMember CHOCOLATE MILK
    edited February 2021

    @Rob S, just add a line in your procedure to delete the temporary file after it's been read into the custom field.  

  • David Perhacs
    David Perhacs Member CHOCOLATE MILK
    edited February 2021

    Jeff is correct. I had taken it out of the original script for testing purposes and never put it back.

  • Rob S
    edited February 2021

    Actually, the line is there, but it doesn't seem to work? (or at least it's not doing what it should).

  • Rob S
    edited February 2021
    I figured it out - the line was there, but was just disabled (didn't realise that was a thing!) - but all now working as expected. Thanks!
  • Zach Perry
    Zach Perry Member CHOCOLATE MILK

    We've been using this for a few months and for the most part it works wonderfully (thank you!) but occasionally we get some false negatives. Devices will have the Bitlocker Status custom field set to "Not encrypted" however after running Get-BitlockerVolume is shows as FullyEncrypted and running the (Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword command will print the key. Any ideas why this happens to a few? Running the procedure after verifying the commands results in a success then with no other comments (except for the skip unsupported OS steps) but the field doesn't change.

  • JesusShahid
    JesusShahid Houston TexasMember, IT Pro CHOCOLATE MILK

    We're using the cloud VSA, and are having trouble importing this XML. Are we missing something obvious?

    The file, if uploaded as an XML, just gives a genereic please upload an XML ex

  • Dave Woodfill
    Dave Woodfill Member CHOCOLATE MILK

    Im getting the same error as @JesusShahid

    Would love to start using this, any help is appreciated.

  • JPayne
    JPayne Jenks OKMember, Managed Service Provider CHOCOLATE MILK

    Hey @Dave Woodfill and @JesusShahid here is the fix to the procedure.

    Remove the periods obviously but its has the tool required to fix the tags which aren't in the new procedure environment anymore. Once you run it on the .xml you can import it and run it successfully😀.

  • Markus Malina
    Markus Malina Member CHOCOLATE MILK


    thanks for the nice script, used it already on on-premise but we step over to SAAS. Now we get error, when there is more then one key !

    FAILED in processing THEN step 3, Update System Info, with error Database access error, Failed SQL command: IF EXISTS (SELECT agentGuid FROM auditRsltManualFieldValues WHERE ((agentGuid = ?) AND (fieldNameFK IN (SELECT id FROM auditRsltManualFields WHERE ((fieldName = ?) AND (partitionId = (SELECT partitionId FROM machNameTab WHERE agentGuid = ?))))))) UPDATE auditRsltManualFieldValues SET fieldValue = ? WHERE ((agentGuid = ?) AND (fieldNameFK IN (SELECT id FROM auditRsltManualFields WHERE ((fieldName = (Line 22) 

    if copy the keys manuel it work (even it's long string )

    any help is appreciated