BitLocker recovery keys

(imported topic written by nberger91)

Anyone created a task or property that retrieves the recovery keys? Obviously my preferred method is to store the keys in AD DS, however there’s a subset of laptops which aren’t on the domain, so I’m looking to fill in the gap.

Similar to the netstat -an port scan task, I was thinking of piping the results to a text file then parsing, using action script:

waithidden cmd.exe /C manage-bde -protectors -get C: > "{pathname of parent folder of client}\bitlocker.log"

(which I’ll then delete)

I’m seeing inconsistent results, and have issues parsing the output file in a readable format -

if ((name of operating system = "Win7" OR name of operating system = "WinVista") AND (not exists file "bitlocker.log" of parent folder of regapp "besclient.exe")) then "N/A" else (concatenation of lines of file "bitlocker.log" of parent folder of regapp "besclient.exe")

Any better ideas to achieve this?
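One way to turn the manage-bde -protectors -get output into something readable, as an added example that is not part of the original posts: it reduces the listing to one line per Numerical Password protector and reports "N/A" when there is none. The function name Get-RecoveryProtector is hypothetical, the sample text is constructed, and the English-language output layout is an assumption.

```powershell
# Added example, not from the original thread.
# Assumption: English-language manage-bde output layout.
function Get-RecoveryProtector {
    param([string[]]$Lines)

    $inSection = $false   # true while inside a "Numerical Password:" block
    $id = $null           # protector ID seen in the current block

    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq 'Numerical Password:') {
            $inSection = $true
            $id = $null
        }
        elseif ($inSection -and $line -match '^ID:\s*(\{[0-9A-Fa-f-]{36}\})$') {
            $id = $Matches[1]
        }
        elseif ($inSection -and $line -match '^(\d{6}-){7}\d{6}$') {
            # A recovery password is 48 digits in 8 groups of 6.
            [pscustomobject]@{ ProtectorId = $id; RecoveryPassword = $Matches[0] }
            $inSection = $false
        }
        elseif ($line -match ':$' -and $line -ne 'Password:') {
            # Another protector type (TPM, External Key, ...) has started.
            $inSection = $false
        }
    }
}

# Constructed sample output; the ID and password are placeholders, not real keys.
$sample = @'
Volume C: []
All Key Protectors

    TPM:
      ID: {11111111-2222-3333-4444-555555555555}

    Numerical Password:
      ID: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
      Password:
        111111-222222-333333-444444-555555-666666-777777-888888
'@ -split "`r?`n"

# On a live machine: Get-RecoveryProtector -Lines (manage-bde -protectors -get C:)
$found = @(Get-RecoveryProtector -Lines $sample)
if ($found.Count -eq 0) { 'N/A' }
else { $found | ForEach-Object { '{0} {1}' -f $_.ProtectorId, $_.RecoveryPassword } }
```

Passing the command output straight to the function, as in the commented line, avoids writing the recovery password to bitlocker.log at all.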

(imported comment written by Pearsosm91)


I stumbled across your post while looking for an answer to something else I was trying to accomplish and was intrigued. I would very much be interested in doing something like this as well. I may fool around with the relevance when I have a little more time to focus on it, but am wondering if you were ever able to accomplish what you set out to since it’s been many months since you originally posted. If so, would you mind posting the relevance or the *.bes file for import? Thanks.