
If you are using MDOP and BitLocker then you are more than likely aware of MBAM. Microsoft BitLocker Administration and Monitoring (MBAM) is a tool used, amongst other things, for storing the BitLocker keys used in your enterprise.

This means that you can have a central repository for your MBAM client agents to talk to, and they do this via Group Policy.

To make things simple, once your computers are BitLocker protected and have the MBAM client agent installed, and the MBAM Group Policy settings are pointing to your MBAM server, then the info (recovery key etc) will

script in Windows PE to connect to the SQL server and pull the needed information, why? Well, during a Refresh (reinstallation of Windows) on your BitLockered computers, you need to unlock the BitLockered drive and then suspend it (so that you can read/write) and to do so you need to provide the

To get this key we make a connection to the SQL database on the MBAM server and request the information.

First of all you'll need a script, let's call it Get_RecoveryKey_from_f, place the script in a sub directory of your scripts dir in your MDT Toolkit Files package.

    Set WShell = CreateObject("WScript.Shell")
    Set fso = CreateObject("Scripting.FileSystemObject")
    ' Dump the key protectors of drive D: to a text file on the WinPE drive
    WShell.Run "%comspec% /C manage-bde.exe -protectors -get d: > x:\BLInfo.txt", 1, true
    If InStr(FileRow, "Password") <> 0 Then ' And InStr(FileRow, "Numerical Password") = 0
    ' msgbox "Numerical Password:" & Password
    ' Connection string for the MBAM database, using the SQL login OSD
    ConString = "Provider=SQLOLEDB.1;Data Source=mbam,1433;Initial Catalog=MBAM Recovery and Hardware;User ID=OSD;Password=Password123"
    ' Look up the recovery key whose RecoveryKeyID matches the value held in Password
    SQL = "SELECT RecoveryKey FROM RecoveryAndHardwareCore.Keys WHERE RecoveryKeyID='" & Password & "'"
    Set Con = CreateObject("ADODB.Connection")
    Msgbox "RecoveryKey retrieved from MBAM is:" & RecoveryKey

The script makes a call to the SQL database on our MBAM server (Data Source=mbam), specifies the database (MBAM Recovery and Hardware) and the user/password we need to connect with (User ID=OSD;Password=Password123) like so:

    ConString = "Provider=SQLOLEDB.1;Data Source=mbam,1433;Initial Catalog=MBAM Recovery and Hardware;User ID=OSD;Password=Password123"

This requires SQL Server Authentication to be set up in SQL Server and Windows authentication mode (mixed), so you'll need to configure this on your MBAM server (right click on your SQL server in SQL Management Studio, choose properties, security).

And configure the OSD user in SQL like so with access to the MBAM Recovery and Hardware database

In your Refresh task sequence you'll need to add a few new steps to get the key from your MBAM server, the first step is called Get Recovery Key from MBAM SQL in WinPE.

Note: We only try to get the key if a Protected Volume (Encrypted) is detected (Guide here).

Now that we have the key from MBAM it has been nicely placed in a variable for us called RecoveryKey, we unlock the drive using the following command in the next step called Unlock Bitlockered Drive

    manage-bde -unlock d: -RecoveryPassword %RecoveryKey%

The next step simply suspends the BitLockered drive

    manage-bde -protectors -disable d:

Ok, that's the explanation, how can you test it?

First of all you'll need to deploy a computer with Windows 7 and BitLocker encryption on it. Once done, install the MBAM client agent on the computer (see link 2 below or install it manually). In addition to the above you'll want MBAM configured (local group

Once done, log in to your Windows 7 computer and start an Administrative Command Prompt.

It will return something like the following if BitLockered

Verify that this value is in our MBAM database: simply log in to the database using SQL Management Studio and expand the MBAM Recovery and

Expand it so that you can see the tables and choose
