We help IT Professionals succeed at work.

Get bitlocker keys remotely

Manage Bitlocker keys for enterprise network, gather the keys and log any computers offline that resulted in not getting bitlocker key for that computer

below script is not working correctly for multiple computers to be checked for online connectivity write log, get bitlocker or else write log stating computername of machine that is offline, I don't know where I went wrong with my function for the log because all thats happening is log file shows date time stamp and nothing else and I'm not getting any other keys

function log($string){
write-host $string
$timestamp =  (get-date -format dd-mm-yyyy) + "|" + (get-date -format HHMMsstt)
$computers = get-content -path '\\computername\c$\users\admin\desktop\scripts\Laptops.txt'
if(Test-Connection -ComputerName $computer -count 1 -quiet){

log "$computer is online getting bitlocker key"
manage-bde -protectors -get c: -computername $computer > "\\computername\c$\users\admin\desktop\bitlocker\$computer.txt"
$logfile  = "\\computername\c$\users\admin\desktop\scripts\logs\devicesoffline.txt"
log "$computer is Offline"
$timestamp + " " + $string | out-file -FilePath $logfile -Append -force

Watch Question

Top Expert 2014
You've got a bit of a mess.  The "log" function is calling itself for no reason, and other issues.  Perhaps it got that way while moving things around in an attempt to get it doing what you want.

In any case, to simplify things I'm just getting rid of the function.  Typically a function would be defined when you have to repeat the same set of actions multiple times in a script, and I don't see that here.
$computers = Get-Content -Path '\\computername\c$\users\admin\desktop\scripts\Laptops.txt'
$logfile  = "\\computername\c$\users\admin\desktop\scripts\logs\devicesoffline.txt"
foreach ($computer IN $computers) {
    if (Test-Connection -ComputerName $computer -count 1 -quiet) {
        Write-Host "$computer is online getting bitlocker key"
        manage-bde -protectors -get c: -computername $computer | Out-File "\\computername\c$\users\admin\desktop\bitlocker\$computer.txt"
    else {
        $timestamp = Get-Date -Format "dd-MM-yyyy|HHmmsstt"
        Write-Host "$computer is Offline"
        "$timestamp $computer is Offline" | Out-File -FilePath $logfile -Append -force

Open in new window

Especially if you're just interested in the recovery keys, there are other ways to retrieve the info.  Using the Get-BitLockerVolume cmdlet in combination with PS Remoting is one, and querying WMI is another.  Either one will give you the recovery key as a separate property (better than having to parse the text output from manage-bde.exe). And with that you could easily output the results as a single .CSV instead of a separate file for each computer.
Brandon MacSystem Administrator, Networking Specialist



Yes...lol it looks like I didn't catch that when I copied it. I must have had another  verison on the clipboard when I hit paste into the window. Thanks for taking the time to look at this and help me out. Also I appreicate your input about other methods as well as I learn PS and the ways of automating tasks its good to find someone willing to share other ways that may work better or more efficient. Thanks