Tuesday, October 1, 2019

A little script to back up your BitLocker keys to Active Directory

If you are using Azure AD instead of on-premises Active Directory, change Backup-BitLockerKeyProtector to BackupToAAD-BitLockerKeyProtector.

# Backup-BitlockerKeys.ps1
# by Mark Randol
# randoltech.blogspot.com
# This script iterates through all of your possibly encryptable drives
# and if they are encrypted, backs up the keys to Active Directory.

$PossibleDrives = Get-BitLockerVolume
foreach ($Drive in $PossibleDrives)
{
    $DriveLetter = $Drive.MountPoint
    # Key protectors currently attached to this volume (TPM, recovery password, etc.)
    $Protectors = ((Get-BitLockerVolume -MountPoint $DriveLetter).KeyProtector)
    foreach ($Protector in $Protectors) {
        $ProtectorID = $Protector.KeyProtectorId
        $ProtectorType = $Protector.KeyProtectorType
        # Only the 48-digit recovery password can be escrowed in AD
        if ($ProtectorType -eq "RecoveryPassword") {
            Backup-BitLockerKeyProtector -MountPoint $DriveLetter -KeyProtectorId $ProtectorID -Verbose
        }
    }
}
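An added variant (not the script from this post) that picks AD or Azure AD with a parameter, flags encrypted volumes that have no recovery password to escrow at all, keeps going when one volume fails, and exits non-zero so a scheduled task can alert. It assumes the same BitLocker module cmdlets used above and an elevated session; the parameter name and status strings are my own.

```powershell
# Added example, not the original post's script. Assumes Windows 8 / Server 2012
# or later (BitLocker module) and, for -Target AAD, an Azure AD joined device.
param(
    [ValidateSet('AD', 'AAD')]
    [string]$Target = 'AD'
)

$Results = foreach ($Volume in Get-BitLockerVolume) {
    $MountPoint = $Volume.MountPoint

    # Nothing to escrow on a volume that is not encrypted at all.
    if ($Volume.VolumeStatus -eq 'FullyDecrypted') {
        [pscustomobject]@{ MountPoint = $MountPoint; ProtectorId = $null; Status = 'NotEncrypted' }
        continue
    }

    $RecoveryProtectors = @($Volume.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')

    # An encrypted volume with no recovery password cannot be recovered from the
    # directory at all, so report it instead of silently skipping it.
    if ($RecoveryProtectors.Count -eq 0) {
        [pscustomobject]@{ MountPoint = $MountPoint; ProtectorId = $null; Status = 'NoRecoveryPassword' }
        continue
    }

    foreach ($Protector in $RecoveryProtectors) {
        $Id = $Protector.KeyProtectorId
        try {
            if ($Target -eq 'AAD') {
                BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $Id -ErrorAction Stop | Out-Null
            } else {
                Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $Id -ErrorAction Stop | Out-Null
            }
            $Status = 'BackedUp'
        } catch {
            # One failure (e.g. no domain connectivity) should not stop the other volumes.
            $Status = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{ MountPoint = $MountPoint; ProtectorId = $Id; Status = $Status }
    }
}

$Results | Format-Table -AutoSize

# Non-zero exit if any encrypted volume still lacks an escrowed recovery password,
# so a scheduled task or monitoring agent can raise an alert.
if ($Results | Where-Object { $_.Status -notin 'BackedUp', 'NotEncrypted' }) { exit 1 }
```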