Get bitlocker keys remotely

Brandon Mac
Brandon Mac used Ask the Experts™
on
Manage Bitlocker keys for enterprise network, gather the keys and log any computers offline that resulted in not getting bitlocker key for that computer

below script is not working correctly for multiple computers to be checked for online connectivity write log, get bitlocker or else write log stating computername of machine that is offline, I don't know where I went wrong with my function for the log because all thats happening is log file shows date time stamp and nothing else and I'm not getting any other keys

function log($string){
write-host $string
$timestamp =  (get-date -format dd-mm-yyyy) + "|" + (get-date -format HHMMsstt)
$computers = get-content -path '\\computername\c$\users\admin\desktop\scripts\Laptops.txt'
FOREACH($COMPUTER IN $COMPUTERS){
if(Test-Connection -ComputerName $computer -count 1 -quiet){

log "$computer is online getting bitlocker key"
manage-bde -protectors -get c: -computername $computer > "\\computername\c$\users\admin\desktop\bitlocker\$computer.txt"
}
else{
$logfile  = "\\computername\c$\users\admin\desktop\scripts\logs\devicesoffline.txt"
log "$computer is Offline"
$timestamp + " " + $string | out-file -FilePath $logfile -Append -force
      }

}
}
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2014
Commented:
You've got a bit of a mess.  The "log" function is calling itself for no reason, and other issues.  Perhaps it got that way while moving things around in an attempt to get it doing what you want.

In any case, to simplify things I'm just getting rid of the function.  Typically a function would be defined when you have to repeat the same set of actions multiple times in a script, and I don't see that here.
$computers = Get-Content -Path '\\computername\c$\users\admin\desktop\scripts\Laptops.txt'
$logfile  = "\\computername\c$\users\admin\desktop\scripts\logs\devicesoffline.txt"
  
foreach ($computer IN $computers) {
    if (Test-Connection -ComputerName $computer -count 1 -quiet) {
        Write-Host "$computer is online getting bitlocker key"
        manage-bde -protectors -get c: -computername $computer | Out-File "\\computername\c$\users\admin\desktop\bitlocker\$computer.txt"
    }
    else {
        $timestamp = Get-Date -Format "dd-MM-yyyy|HHmmsstt"
        Write-Host "$computer is Offline"
        "$timestamp $computer is Offline" | Out-File -FilePath $logfile -Append -force
    }
}

Open in new window


Especially if you're just interested in the recovery keys, there are other ways to retrieve the info.  Using the Get-BitLockerVolume cmdlet in combination with PS Remoting is one, and querying WMI is another.  Either one will give you the recovery key as a separate property (better than having to parse the text output from manage-bde.exe). And with that you could easily output the results as a single .CSV instead of a separate file for each computer.
Brandon MacSystem Administrator, Networking Specialist

Author

Commented:
Footech,

Yes...lol it looks like I didn't catch that when I copied it. I must have had another  verison on the clipboard when I hit paste into the window. Thanks for taking the time to look at this and help me out. Also I appreicate your input about other methods as well as I learn PS and the ways of automating tasks its good to find someone willing to share other ways that may work better or more efficient. Thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial